Exam CAS-003 topic 1 question 46 discussion

Actual exam question from CompTIA's CAS-003
Question #: 46
Topic #: 1

Management is reviewing the results of a recent risk assessment of the organization's policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees. Which of the following risk management strategies has the organization employed?

  • A. Transfer
  • B. Mitigate
  • C. Accept
  • D. Avoid
  • E. Reject
Suggested Answer: B

Comments

tek
Highly Voted 5 years, 3 months ago
Using a third party to provide any service is usually a transfer of risk
upvoted 6 times
D1960
3 years, 12 months ago
I am not sure that holds in this case. Just because you transfer *procedures* to a third party does not mean you transfer the *risk* to a third party. The company still takes the risk of a bad background check. Transferring risk to a third party usually means the 3rd party is insuring against that risk.
upvoted 3 times
...
...
arawaco
Highly Voted 4 years ago
The answer is B. It is true that the company uses a third party to perform background checks, but nothing more. Risk transfer involves one party assuming the liabilities of another party. The statement does not describe any kind of responsibility. The other company acts as a "tool".
upvoted 6 times
...
tirajvid
Most Recent 1 year, 5 months ago
This is a terrible question. If the third-party SLA agrees to pay compensation if they did a sloppy job screening an employee, then it's risk transfer. Otherwise it's just risk mitigation.
upvoted 1 times
...
vorozco
3 years, 4 months ago
Selected Answer: B
B. Mitigate. I agree with arawaco's reason.
upvoted 1 times
...
SoniSoni
3 years, 11 months ago
They are mitigating the risk. Transfer would be the right answer if they had not evaluated their plan first.
upvoted 3 times
...
D1960
4 years, 2 months ago
"Revise policies and procedures related to background checks" is an example of risk mitigation. To "Use a third party to provide background checks" is usually an example of risk transfer. Take your pick. This is another stellar example of a hopelessly ambiguous - and therefore unfair - CompTIA question. I am going to guess risk mitigation. The reason the risk is lessened is because the policies and procedures have been changed. Not because a third party is doing the background check. If the company gave the task to the third party with the old policies and procedures the risk would be the same. Arguably, the risk is not being transferred to the third party, because the third party can claim "we just followed *your* policies and procedures." In this case, the third party is not an insurer, just somebody else to implement the policies and procedures. So that is what I am going with. Although, I think going with risk transfer could also be perfectly reasonable.
upvoted 1 times
...
NerdyMom4
4 years, 7 months ago
The answer is A. Anytime you push the risk off on a third party to manage, it is called Transference or Risk Transfer...
upvoted 5 times
D1960
3 years, 12 months ago
But the company has not transferred the risk, only the duties.
upvoted 3 times
...
...
Rankin
4 years, 8 months ago
I think both A and B are correct to an extent; however, ultimately the risk is transferred, so the answer is A.
upvoted 3 times
...
PDVS
5 years, 1 month ago
The company is revising its policies, then giving it over to a 3rd party; this is mitigation, and then transfer.
upvoted 4 times
infosec208
4 years, 2 months ago
100% agree. Given answer is correct. Remember, kids: "To mitigate the risk means that a control is used to reduce the risk." I.e., you can't implement your own procedures correctly, so you mitigate it by having a company that does it for a business do it for you.
upvoted 2 times
...
...
tek
5 years, 3 months ago
A. Transfer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other