CompTIA Security+ (SY0-601) — Question 755
When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of?
Answer options
- A. Acceptance
- B. Mitigation
- C. Avoidance
- D. Transference
Correct answer: D
Explanation
The correct answer is D, Transference, as the architect is shifting the responsibility and risk of identity management to the third-party SaaS provider. Options A (Acceptance) and B (Mitigation) do not apply here because the risk is not being accepted or reduced, and option C (Avoidance) is incorrect because the risk is not being eliminated but rather transferred.