CompTIA

CAS-002 · Question #702

CAS-002 Question #702: Real Exam Question with Answer & Explanation

The correct answer is C: Develop a risk analysis for the merged networks. Before connecting two merged corporate networks, a risk analysis must be performed first so that threats are understood and mitigation decisions are properly informed.

Question

A large enterprise is expanding through the acquisition of a second corporation. Which of the following should be undertaken FIRST before connecting the networks of the newly formed entity?

Options

  • A. A system and network scan to determine if all of the systems are secure.
  • B. Implement a firewall/DMZ system between the networks.
  • C. Develop a risk analysis for the merged networks.
  • D. Conduct a complete review of the security posture of the acquired corporation.

Explanation

Before connecting two merged corporate networks, a risk analysis must be performed first so that threats are understood and mitigation decisions are properly informed.

Common mistakes.

  • A. Scanning systems to verify they are secure is a technical activity that should occur after risks have been identified and prioritized, not before the risk landscape is understood.
  • B. Implementing a firewall or DMZ is a mitigation control and should be designed based on the results of a risk analysis rather than deployed without that context.
  • D. Reviewing the acquired corporation's security posture is an important input into the risk analysis but is a narrower sub-task that feeds into, rather than replaces, the full risk analysis process.

Concept tested. Risk analysis as first step in network merger

Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
