The IT security manager knows that installing anti-virus software does not take care of all virus attacks. The anti-virus software must be updated regularly to catch most of the attacks. Zero-day attacks are not handled by a signature-based anti-virus solution.

What risk strategy does the IT security manager exhibit when he deploys the software after understanding that zero-day attacks are not taken care of?
risk avoidance
risk acceptance
risk transfer
risk mitigation
Risk acceptance is the strategy in which the risk and its impact are analyzed, mitigated and accepted. The IT security manager is aware that his product cannot defend against all viruses; it can only defend against viruses that the product is programmed for. He is accepting the risk while buying the anti-virus software. Risk mitigation happens when the anti-virus software is installed on the systems. Risk avoidance is not correct, as the risk of a virus impacting the system cannot be avoided for a live system. Risk transfer is not applicable, because risk transfer is about holding someone accountable for the impact. Risk appetite is the level of risk that an organization is willing to accept.
This question is very poorly worded. Deploying a signature-based anti-malware tool doesn’t address zero-day vulnerabilities, but it is reducing overall risk as a risk mitigation technique. If the author truly wants risk acceptance as a choice, the question should end with “if the IT activity decides not to implement any controls to cover zero-day attacks, what type of risk treatment is being chosen.”
EDIT: This question is not correct. The Manager knows that the solution will not protect against zero days. It won't even mitigate zero days. The admin is choosing to ACCEPT THE RISK with implementing the anti-malware.
Edit: This question is worded fine. He clearly specifies he is talking about the risk left over after the antivirus is installed (residual risk) and how he is handling that leftover risk (risk acceptance). Don't change answers because you don't like the verbiage.