Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?
A. Risk transference
B. Change management
C. Configuration management
D. Access control revalidation
CompTIA Security+ Question I-60
A network administrator has identified port 21 being open and the lack of an IDS as a potential risk to the company. Due to budget constraints, FTP is the only option that the company can is to transfer data and network equipment cannot be purchased. Which of the following is this known as?
A. Risk transference
B. Risk deterrence
C. Risk acceptance
D. Risk avoidance
CompTIA Security+ Question H-45
Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?
A. To ensure that false positives are identified
B. To ensure that staff conform to the policy
C. To reduce the organizational risk
D. To require acceptable usage of IT systems
CompTIA Security+ Question F-41
Which of the following is BEST carried out immediately after a security breach is discovered?
A. Risk transference
B. Access control revalidation
C. Change management
D. Incident management
CompTIA Security+ Question E-24
Emily, the Chief Security Officer (CSO), has had four security breaches during the past two years.
Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years.
Which of the following should Emily do to address the risk?
A. Accept the risk saving $10,000.
B. Ignore the risk saving $5,000.
C. Mitigate the risk saving $10,000.
D. Transfer the risk saving $5,000.