CAS-003 Question #809: Real Exam Question with Answer & Explanation
The correct answer is A: The product owner should perform a business impact assessment regarding the ability to.
Question
Exhibit
Options
- A. The product owner should perform a business impact assessment regarding the ability to
- B. The application developer should use a static code analysis tool to ensure any application
- C. The system administrator should evaluate dependencies and perform upgrade as necessary.
- D. The security operations center should develop a custom IDS rule to prevent attacks buffer
Explanation
Although the vulnerability scan output is not shown in full, the corrective action documented directs the product owner to perform a Business Impact Assessment (BIA). This is appropriate when a finding involves a product or component that is end-of-life, unsupported, or cannot be immediately patched - situations where a technical fix may not be straightforward. A BIA evaluates the operational and financial impact of the vulnerability on the business, helping leadership make informed decisions about whether to accept the risk, replace the product, or isolate it. This is a management/governance-level corrective action, which is appropriate when the CISO is the one developing the plan.
