
CompTIA CAS-005 Exam - Topic 3 Question 14 Discussion

Actual exam question for CompTIA's CAS-005 exam
Question #: 14
Topic #: 3

[Security Architecture]

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

Suggested Answer: A

After applying mitigations that reduce the likelihood of a risk's impact, the next step is to assess the residual risk, that is, the risk that remains after controls are implemented. This ensures the organization understands whether the mitigation is sufficient or further action is needed, aligning with risk management best practices.

Option A: Correct. Residual risk assessment is the logical next step to evaluate the effectiveness of mitigations.

Option B: Updating the threat model might follow but isn't immediate; residual risk comes first.

Option C: Moving to the next risk skips evaluating the current mitigation's success.

Option D: Recalculating impact magnitude is part of residual risk assessment but isn't the full process.


Contribute your Thoughts:

Burma
2 months ago
Recalculating the impact is a good idea too, but not the priority here.
upvoted 0 times
...
Kristel
2 months ago
Surprised they didn’t fully remediate, but I guess mitigations help.
upvoted 0 times
...
Cherry
3 months ago
Moving to the next risk seems a bit hasty, don’t you think?
upvoted 0 times
...
Chandra
3 months ago
I think updating the threat model is more important.
upvoted 0 times
...
Octavio
3 months ago
Definitely assess the residual risk first!
upvoted 0 times
...
Refugia
3 months ago
Recalculating the magnitude of the impact sounds relevant, but I feel like it might come after assessing the residual risk.
upvoted 0 times
...
Theodora
4 months ago
I remember something about moving to the next risk, but it feels like we should really understand the current risk first.
upvoted 0 times
...
Pearlene
4 months ago
I'm not entirely sure, but updating the threat model could also be important. We did a practice question on that, right?
upvoted 0 times
...
Teddy
4 months ago
I think we talked about assessing residual risk after applying mitigations. It seems like the logical next step.
upvoted 0 times
...
Sherita
4 months ago
I'm not totally confident on this one. The options seem similar, but I think assessing the residual risk is the best choice since the full remediation wasn't possible. I'll make sure to double-check my answer.
upvoted 0 times
...
Carey
4 months ago
Okay, I've got this. After applying mitigations, the organization should assess the residual risk to determine if it's now at an acceptable level. That's the key next action here.
upvoted 0 times
...
Timothy
5 months ago
Hmm, I'm a bit unsure about this one. I know we covered risk assessment and mitigation in class, but I'm having trouble remembering the specific process. Let me think this through step-by-step.
upvoted 0 times
...
Sharita
5 months ago
This seems like a straightforward question about risk management. I'll carefully review the options and think through the logical next steps.
upvoted 0 times
...
