CompTIA Security+ (SY0-501) — Question 613

A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known vulnerability.
Which of the following risk responses does this BEST describe?

Answer options

• A. Transference
• B. Avoidance
• C. Mitigation
• D. Acceptance

Correct answer: D

Explanation

The correct answer is D, Acceptance, as the CIO has chosen to acknowledge the risk without taking further protective measures. Transference involves shifting the risk to another party, avoidance means eliminating the risk entirely, and mitigation refers to reducing the impact or likelihood of the risk, none of which apply in this scenario.