CompTIA Security+ (SY0-701) — Question 352

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

Answer options

• A. Reject
• B. Accept
• C. Transfer
• D. Avoid

Correct answer: B

Explanation

The best approach in this situation is to accept the risk, as the system is critical and cannot be modified or taken offline. Rejecting, transferring, or avoiding the risk would not be feasible due to the importance of the system to business operations.