CompTIA CySA+ (CS0-003) — Question 236

A security analyst needs to develop a solution to protect a high-value asset from an exploit like a recent zero-day attack. Which of the following best describes this risk management strategy?

Answer options

• A. Avoid
• B. Transfer
• C. Accept
• D. Mitigate

Correct answer: D

Explanation

The correct answer is D, Mitigate, as this strategy involves implementing measures to reduce the impact or likelihood of an exploit. Avoiding would mean eliminating the risk entirely, transferring would involve shifting the risk to another party, and accepting would mean acknowledging the risk without taking any action, which does not effectively protect the asset.