
CAS-003 Question #973: Real Exam Question with Answer & Explanation

The correct answer is B: Review the preferred vendor's white papers.

Question

A facilities manager requests approval to deploy a new key management system that integrates with logical network access controls to provide conditional access. The security analyst who is assessing the risk has no experience with the category of products. Which of the following is the FIRST step the analyst should take to begin the research?

Options

  • A. Seek documented industry best practices
  • B. Review the preferred vendor's white papers
  • C. Compare the product function to relevant RFCs
  • D. Execute a non-disclosure agreement with the vendor

Explanation

When an analyst has zero familiarity with a product category, the first step is to build a working understanding of what the product actually does before attempting to evaluate it. The preferred vendor's white papers describe the product's architecture, capabilities, integration points, and intended use case - establishing the baseline knowledge the analyst needs to ask the right questions. Seeking broad industry best practices (A) or comparing to RFCs (C) is only useful once the analyst understands what the product is; applying standards to something you don't yet understand produces an incomplete assessment. Executing an NDA (D) is a legal/procurement step, not a research step, and should come after the analyst has determined the product warrants deeper vendor engagement.
