ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 219 - CAS-004 discussion

Report
Export

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

A.
Apply for a security exemption, as the risk is too high to accept.
Answers
A.
Apply for a security exemption, as the risk is too high to accept.
B.
Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
Answers
B.
Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
C.
Accept the risk, as compensating controls have been implemented to manage the risk.
Answers
C.
Accept the risk, as compensating controls have been implemented to manage the risk.
D.
Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
Answers
D.
Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
Suggested answer: A
asked 02/10/2024
Phanel Xavier
46 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first