CompTIA
CAS-003 · Question #535
CAS-003 Question #535: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-003 to reveal the answer and full explanation for question #535. The question stem and answer options stay visible for context.
Risk Management
Question
An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiation, there are a number of outstanding issues, including: 1. Indemnity clauses have identified the maximum liability. 2. The data will be hosted and managed outside of the company's geographical location. The number of users accessing the system will be small, and no sensitive data will be hosted in the solution. As the security consultant of the project, which of the following should the project's security consultant recommend as the NEXT step?
Options
- ADevelop a security exemption, as it does not meet the security policies.
- BRequire the solution owner to accept the identified risks and consequences.
- CMitigate the risk by asking the vendor to accept the in-country privacy principles.
- DReview the procurement process to determine the lessons learned.
Unlock CAS-003 to see the answer
You've previewed enough free CAS-003 questions. Unlock CAS-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#vendor risk management#risk acceptance#data sovereignty#procurement security