CompTIA CASP+ (CAS-004) — Question 72
Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.
Which of the following risk-handling techniques was used?
Answer options
- A. Accept
- B. Avoid
- C. Transfer
- D. Mitigate
Correct answer: D
Explanation
The correct answer is D, Mitigate, because placing a firewall is a proactive measure to reduce risk until a more permanent solution can be implemented. The other options do not apply here: Accept means acknowledging the risk without action, Avoid means eliminating the risk altogether, and Transfer involves shifting the risk to another party.