Exam CAS-004 topic 1 question 123 discussion

If you're doing something concrete to handle the risk (like in this case putting up a firewall), then you're attempting to mitigate the risk.

This question is terrible. In a context: The firewall MITIGATES the risk of exposure from B to A, yes... BUT In a context: The inadequate patch problem still exists for B, so the core problem is not mitigated for B at all. This is a TRANSFER of risk from A to B. BUT In a context: A acquired B. So technically (legally) both are A. So isn't that ACCEPTANCE until B to A infrastructure integration? I vote Accept, because it is time-bound by infrastructure integration. God help us all.

Something was done to reduce (Mitigate) the risk. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

In this scenario, Company A identified a risk (inadequately patched infrastructure in Company B's environment) and took steps to reduce the potential impact of that risk (by placing a firewall between the two environments). This is an example of risk mitigation, which is the process of reducing the likelihood or impact of a risk. By implementing a firewall, Company A is taking a proactive approach to reducing the risk of a security breach in Company B's environment.

D is the correct answer

A technical control was implemented in order to mitigate the risks associated with that merge.