Final answer:
Tim engaged in risk mitigation by directly addressing and working to fix vulnerabilities found on a server after performing a vulnerability scan. This reduced the server's overall risk level.
Therefore, the correct answer is: option 'mitigation'.
Step-by-step explanation:
Risk mitigation is the process of planning for disasters and having a way to lessen negative impacts. Although the principle of risk mitigation is to prepare a business for all potential risks, a proper risk mitigation plan will weigh the impact of each risk and prioritize planning around that impact.
In this case, when Tim performed a vulnerability scan and discovered vulnerabilities on a server which he then worked to eliminate, he was engaging in the risk response known as mitigation.
This response strategy involves taking steps to reduce the impact or likelihood of a risk occurring. Instead of ignoring the risks (acceptance), transferring them to a third party (transfer), or avoiding the risk altogether by not engaging in the activity that introduces the risk (avoidance), Tim chose to address the risks directly and reduce the overall risk level of the server by fixing the vulnerabilities.