Risk Management — CompTIA CySA+ (CS0-003) Practice Questions

Risk management on the CySA+ exam refers to the structured process of identifying threats and vulnerabilities, assessing the likelihood and impact of exploitation, and selecting responses that align with organizational risk appetite. Candidates are tested on quantitative and qualitative risk assessment methodologies, risk register maintenance, and the four standard risk responses: accept, avoid, transfer, and mitigate. The exam also connects risk management concepts to vulnerability prioritization and compensating controls, showing how analytical decisions feed into broader governance processes. Analysts who understand risk management can translate technical findings into business language that drives executive-level remediation decisions.

Free questions on risk management

A security analyst is prioritizing vulnerabilities for remediation. A critical vulnerability affects a legacy system that is scheduled for decommissioning in 6 months. How should this be handled?
Free question · difficulty: medium
