medium
Single Answer
0

Pedro’s organization uses industrial machinery, which runs an RTOS that is no longer supported. His organization’s policies require systems to be removed from service if they cannot be patched for security issues, and the RTOS has a known vulnerability. The machines are very expensive and are a core part of the organization’s industrial processes. What risk process would Pedro follow if he wanted to retain the devices, despite the risk?

Answer Options

A

Transfer the risk.

B

Seek an exception.

C

Document the risk.

D

Mitigate the risk.

Correct Answer: B

Explanation

Risk exceptions are granted when a risk is accepted by the organization, despite not following typical organizational policies or processes. This is not a transfer or mitigation, and simply documenting the risk does not cause it to be accepted.