CompTIA SecurityX (CAS-005) — Question 64
A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?
Answer options
- A. Accept the risk as the cost of doing business.
- B. Create an organizational risk register for project prioritization.
- C. Implement network compensating controls.
- D. Purchase insurance to offset the cost if a failure occurred.
Correct answer: B
Explanation
The correct answer is B, as creating an organizational risk register helps in identifying, assessing, and prioritizing risks associated with the old server, allowing the company to take informed actions. Options A and D do not address the proactive management of the risk, while option C, implementing network compensating controls, may not resolve the fundamental issue of the outdated server's reliability.