Q: 8
Which of the following risk management principles is accomplished by purchasing cyber insurance?
Options
Discussion
D . Buying cyber insurance doesn't stop or reduce the risk, it just hands the financial hit to someone else. C is a classic trap here since mitigation is about actually reducing impact, not just shifting it.
If the policy is just about shifting who covers the loss, that's risk transfer. So I'd pick D here. Only flips if you actually reduce chance or impact directly.
Option D seen this in multiple official guides and practice exams.
D imo, since with cyber insurance you're moving the risk (financial responsibility) to the insurer. You aren't actually lowering the chance or effect of the threat itself-just who pays. Pretty sure that's what transfer means, right?
Maybe C, since insurance helps lessen the financial impact after a breach. Not 100% sure.
Option D. Avoid the C trap, insurance just shifts liability, doesn't lower actual risk.
Why not C in any scenario here? Insurance doesn't actually reduce the actual risk event or its likelihood, right?
D here-buying insurance doesn't stop the risk, it just hands off the $ impact if something happens. If we wanted to actually lower the chance of something bad, that'd be C. But for this wording, pretty sure it's D. Agree?
Hmm I'd probably say C for this, since buying insurance feels like it's helping mitigate the risk. C
I went with C because insurance helps reduce the financial impact, which feels like mitigation to me. In practice, isn't lowering the blow part of mitigation? I've seen a similar question pop up on practice tests, so maybe that's why I'm stuck on this. Not 100% sure though, open to other takes.
Be respectful. No spam.
