CAS-005 Question #138: Real Exam Question with Answer & Explanation

Sign in or unlock CAS-005 to reveal the answer and full explanation for question #138. The question stem and answer options stay visible for context.

Submitted by carter_n· Mar 6, 2026Governance, Risk, and Compliance

Question

A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?

Options

ARisk mitigations must be more comprehensive than the existing payroll provider.
BDue care must be exercised during all procurement activities.
CThe responsibility of protecting PII remains with the organization.
DSpecific regulatory requirements must be met in each jurisdiction.

Unlock CAS-005 to see the answer

You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CAS-005 - $49.99 / 30 days Sign in

Full CAS-005 Practice Browse All CAS-005 Questions