CompTIA CASP+ (CAS-004) — Question 576
A company is acquiring a competitor, and the security team is performing due diligence activities on the competitor prior to the acquisition. The team found a recent compliance audit of the competitor's environment that shows a mature security infrastructure, but it lacks a cohesive policy and process framework. Based on the audit findings, the security team determines the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies. Which of the following risk management strategies is the security team recommending?
Answer options
- A. Mitigate and avoid
- B. Transfer and accept
- C. Avoid and transfer
- D. Accept and mitigate
Correct answer: D
Explanation
The correct answer is D: the security team recommends accepting the existing security capabilities while mitigating the risk by incorporating additional security policies. The other options involve transferring or avoiding risk, neither of which aligns with the need to enhance the current security framework.