Which of the following answers is the BEST example of Risk Transference?

A.
Insurance

B.
Results of Cost Benefit Analysis

C.
Acceptance

D.
Not hosting the services at all

Explanation:
Once a company knows the amount of total and residual risk it is faced with, it must decide how to handle it.
Risk can be dealt with in four basic ways: transfer it, avoid it, reduce it, or accept it.
Many types of insurance are available to companies to protect their assets. If a company decides the total risk
is too high to gamble with, it can purchase insurance, which would transfer the risk to the insurance company.
Incorrect Answers:
B: Cost/benefit analysis is an assessment that is performed to ensure that the cost of protecting an asset does
not outweigh the benefit of the protection or the value of the asset. It is not an example of risk transference.C: Risk acceptance is when a company understands the level of risk it is faced with, as well as the potential
cost of the risk but does not implement any countermeasure because cost of the countermeasure outweighs
the potential loss value. This is determined by the Cost/benefit analysis. Acceptance is not an example of risk
transference.
D: Risk avoidance is when a company decides not to implement and activity or to terminate and activity that is
introducing the risk, and in so doing avoids the risk. Not hosting the services at all is not an example of risk
transference; it is an example of risk avoidance.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 96-97, 97, 97-98