CompTIA CySA+ (CS0-003) — Question 422

After identifying a threat, a company has decided to implement a patch management program to remediate vulnerabilities. Which of the following risk management principles is the company exercising?

Answer options

Correct answer: C

Explanation

The correct answer is C, Mitigate, because implementing a patch management program directly addresses and reduces vulnerabilities by applying necessary updates. The other options are incorrect: Transfer shifts the risk to another party, Accept means tolerating the risk, and Avoid entails eliminating the risk entirely rather than reducing it.