CompTIA
CAS-002 Question #794: Real Exam Question with Answer & Explanation
The correct answer is C: A security assessment should be performed to establish the risks of integration or co-existence. Pre-merger due diligence requires a security assessment to identify integration risks before exposing the acquiring company to vulnerabilities in the smaller company's custom applications.
Question
A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company's main applications were created in-house. Which of the following actions should the large company's security administrator take in preparation for the merger?
Options
- A. A review of the mitigations implemented from the most recent audit findings of the smaller
- B. An ROI calculation should be performed to determine which company's application should be
- C. A security assessment should be performed to establish the risks of integration or co-existence.
- D. A regression test should be performed on the in-house software to determine security risks
Explanation
Pre-merger due diligence requires a security assessment to identify integration risks before exposing the acquiring company to vulnerabilities in the smaller company's custom applications.
Common mistakes.
- A. Reviewing prior audit mitigations provides historical context but does not proactively identify new integration risks created by combining two distinct environments.
- B. An ROI calculation is a business finance decision, not a security action, and does not address the security risks of integrating unfamiliar in-house applications.
- D. Regression testing validates that existing functionality still works after code changes; it does not comprehensively assess the security risks of integration or co-existence with another company's systems.
Concept tested. Security assessment for merger and acquisition due diligence
Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final