CompTIA

CAS-003 Question #142: Real Exam Question with Answer & Explanation

Question

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on its network. Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site-to-site VPNs, no other security action was taken. To prove to the retailer the monetary value of this risk, which of the following types of calculation is needed?

Options

  • A. Residual Risk calculation
  • B. A cost/benefit analysis
  • C. Quantitative Risk Analysis
  • D. Qualitative Risk Analysis
