CompTIA CASP+ (CAS-004) — Question 70

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response?

Answer options

• A. Risk rejection
• B. Risk mitigation
• C. Risk transference
• D. Risk avoidance

Correct answer: C

Explanation

The correct answer is C, Risk transference, because by purchasing insurance, the company is shifting the financial burden of potential cybersecurity incidents to the insurance provider. The other options are incorrect: Risk rejection means accepting the risk without action, Risk mitigation involves reducing the risk, and Risk avoidance means eliminating the risk entirely.