Which activity is part of mitigation planning?

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

Multiple Choice

Which activity is part of mitigation planning?

Explanation:
Mitigation planning is about reducing risk by putting safeguards in place. It involves identifying vulnerabilities or threats and choosing appropriate controls to lower the likelihood or impact of those risks, then implementing those controls. This can include technical measures like patching, configuring secure settings, network segmentation, and access controls, as well as administrative steps such as policies, training, and incident response planning. The goal is to bring risk down to an acceptable level before an incident occurs.

Expanding the attack surface increases potential entry points and overall risk, so it isn’t a mitigation activity. Ignoring findings leaves known issues unresolved, which contradicts the purpose of mitigation. Replacing risk with compliance misunderstands risk management—the focus is on reducing risk, with compliance acting as a guideline or minimum standard rather than the act of mitigation itself.
