🔥 3-day streak
CompTIA SecurityX (CAS-005)82 / 120
Question 82 of 120

A financial services firm identifies a risk that a legacy claims-processing application, which cannot be patched due to vendor end-of-life, is vulnerable to a known exploit. The application generates $2M in annual revenue and would cost $1.5M to fully replace within the year. The estimated annualized loss expectancy (ALE) from the vulnerability is $180,000. Management decides to isolate the application on a segmented network, deploy a virtual patch via WAF, and purchase a cyber insurance rider covering losses above $50,000. Which combination of risk treatment strategies has management applied?

Reviewed for accuracy · Report an issueNext question