🔥 3-day streak
CompTIA SecurityX (CAS-005)99 / 120
Question 99 of 120

A financial services company processes cardholder data through a SaaS vendor that recently disclosed a breach affecting its infrastructure. The company's risk committee has already implemented strong access controls, encryption, and continuous monitoring on its own systems, but residual risk from the vendor relationship remains above the organization's stated risk appetite. The committee cannot renegotiate the contract for 18 months and cannot switch vendors without significant business disruption. Which risk treatment BEST addresses the remaining residual risk in the interim?

Reviewed for accuracy · Report an issueNext question