CompTIA

CAS-001 · Question #356

CAS-001 Question #356: Real Exam Question with Answer & Explanation


Question

A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system?

Options

  • A. An incident response plan which guarantees response by tier two support within 15 minutes of an incident.
  • B. A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months.
  • C. Business insurance to transfer all risk from the company shareholders to the insurance company.
  • D. A prudent plan of action which details how to decommission the system within 90 days of becoming
