CompTIA Exam CAS-005 Topic 3 Question 14 Discussion

Actual exam question for CompTIA's CAS-005 exam

Question #: 14
Topic #: 3

[Security Architecture]

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

AAssess the residual risk.

BUpdate the organization's threat model.

CMove to the next risk in the register.

DRecalculate the magnitude of the impact.

Show Suggested Answer

Suggested Answer: A

After applying mitigations that reduce the likelihood of a risk's impact, the next step is toassess the residual risk---the risk that remains after controls are implemented. This ensures the organization understands if the mitigation is sufficient or if further action is needed, aligning with risk management best practices.

Option A:Correct---residual risk assessment is the logical next step to evaluate the effectiveness of mitigations.

Option B:Updating the threat model might follow but isn't immediate; residual risk comes first.

Option C:Moving to the next risk skips evaluating the current mitigation's success.

Option D:Recalculating impact magnitude is part of residual risk assessment but isn't the full process.

by Chanel at Apr 29, 2025, 03:37 AM

Limited Time Offer

25%

Off

Get Premium CAS-005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!