CompTIA CASP+ (CAS-004) — Question 527
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?
Answer options
- A. Assess the residual risk.
- B. Update the organization's threat model.
- C. Move to the next risk in the register.
- D. Recalculate the magnitude of impact.
Correct answer: A
Explanation
The correct next step is to assess the residual risk, i.e. the risk that remains after the mitigations have been applied, so the organization can decide whether that remaining exposure is acceptable. Updating the threat model or moving to the next risk does not address the current risk, and recalculating the magnitude of impact is premature without first evaluating the remaining risk.