CompTIA CASP+ (CAS-004) — Question 99

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

Answer options

• A. Accept
• B. Avoid
• C. Transfer
• D. Mitigate

Correct answer: D

Explanation

The correct answer is 'Mitigate' because the department has taken steps to limit access to the unencrypted file, thereby reducing the risk associated with it. 'Accept' would imply no action was taken, 'Avoid' would mean eliminating the risk entirely, and 'Transfer' would involve shifting the risk to another party, which is not applicable here.