Certified in Risk and Information Systems Control (CRISC) — Question 721

Risk mitigation procedures should include:

Answer options

• A. buying an insurance policy.
• B. acceptance of exposures.
• C. deployment of countermeasures.
• D. enterprise architecture implementation

Correct answer: C

Explanation

The correct answer is C, as deploying countermeasures directly addresses and reduces identified risks. Options A and B are more about transferring risk and accepting it rather than actively mitigating it. Option D pertains to structural planning rather than specific risk mitigation tactics.