Which TWO of the following are risk treatment strategies as defined in ISO 27005?
Avoidance is a risk treatment strategy.
Why this answer
Risk avoidance and risk transfer are standard treatment strategies. Risk analysis, risk communication, and risk monitoring are not treatment strategies but are part of the risk management process.