Risk Mitigation — CISSP Practice Questions

Risk mitigation is one of four primary risk response strategies available to organizations, alongside risk avoidance, risk transference, and risk acceptance. It involves implementing controls to reduce the likelihood or impact of a threat event to an acceptable level. The CISSP exam requires candidates to distinguish mitigation from the other response options and to understand that residual risk always remains after controls are applied. Candidates must evaluate cost-benefit tradeoffs, recognizing that the cost of a control should not exceed the value of the asset it protects or the potential loss it prevents. Mitigation strategies span administrative, technical, and physical controls, and the exam often presents scenarios requiring candidates to select the most appropriate combination.

Free questions on risk mitigation

What is the primary goal of risk management?
