CompTIA CASP+ (CAS-004) — Question 446

A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

Answer options

• A. Accept the risk as the cost of doing business.
• B. Create an organizational risk register for project prioritization.
• C. Implement network compensating controls.
• D. Purchase insurance to offset the cost if a failure occurred.

Correct answer: B

Explanation

The correct answer is B because creating an organizational risk register helps identify, assess, and prioritize risks associated with the critical process, enabling informed decision-making for infrastructure updates. The other options do not effectively address the risk; accepting risk (A) is inadequate for a business-critical process, while compensating controls (C) and purchasing insurance (D) may not prevent loss but rather mitigate it after the fact.