CISSP Practice Domain 1 — Security and Risk Management Q11 of 120

Which type of risk response is being applied when a company purchases cyber-insurance to cover ransomware losses?

A CISSP practice question covering Domain 1: Security and Risk Management. Try answering before reading the explanation below.

A. Risk avoidance
B. Risk acceptance
C. Risk transference (✓ Correct answer)
D. Risk mitigation

Why "Risk transference" is the right answer

Insurance shifts financial loss to a third party — that is risk transference. Avoidance would mean dropping the activity entirely. Acceptance is doing nothing about the risk. Mitigation is reducing likelihood or impact through controls.
