CompTIA CASP+ (CAS-004) — Question 594

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems.
Which of the following now describes the level of risk?

Answer options

• A. Inherent
• B. Low
• C. Mitigated
• D. Residual
• E. Transferred

Correct answer: A

Explanation

The correct answer is A. Inherent risk refers to the level of risk that exists in the absence of any controls, which is applicable here given the automated purchasing issue. Other options like Low, Mitigated, Residual, and Transferred do not accurately capture the risk level before any mitigation measures, such as the proposed CAPTCHA, are applied.