CAS-001 · Question #497
CAS-001 Question #497: Real Exam Question with Answer & Explanation
The correct answer is D: Review to determine if control effectiveness is in line with the complexity of the solution.. The FIRST process to perform is to review whether control effectiveness is in line with the complexity of the solution (D). The pilot revealed that the solution requires 3 change requests per application deployment across 200 firewalls - meaning massive operational overhead that
Question
Options
- ALower the SLA to a more tolerable level and perform a risk assessment to see if the solution
- BPerform a cost benefit analysis and implement the solution as it stands as long as the risks are
- CEngage internal auditors to perform a review of the project to determine why and how the project
- DReview to determine if control effectiveness is in line with the complexity of the solution.
Explanation
The FIRST process to perform is to review whether control effectiveness is in line with the complexity of the solution (D). The pilot revealed that the solution requires 3 change requests per application deployment across 200 firewalls - meaning massive operational overhead that significantly impacts availability (a key security pillar). Before any other action, the security team must evaluate whether the security benefit delivered by this complex control architecture actually justifies the operational cost and availability risk it introduces. This is a fundamental control design review. Lowering the SLA (A) is premature and reactive. Cost-benefit analysis (B) comes after effectiveness is understood. Engaging internal auditors (C) is appropriate later, not as the first step.
Community Discussion
No community discussion yet for this question.