CompTIA Security+ (SY0-701) — Question 145

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Answer options

• A. Mitigate
• B. Accept
• C. Transfer
• D. Avoid

Correct answer: A

Explanation

The correct choice is to Mitigate, as it involves implementing measures to reduce risk associated with the critical legacy application. Accepting the risk, transferring it, or avoiding it are not ideal first steps when preventative controls can be established to protect vital business operations.