CAS-005 · Question #370
CAS-005 Question #370: Real Exam Question with Answer & Explanation
The correct answer is A: At the individual product level. A risk assessment should be performed at the individual product level when an organization has a critical vendor providing multiple products. This approach ensures that each product is evaluated for its specific risks, vulnerabilities, and impact on the organization. By assessing
Question
Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
Options
- AAt the individual product level
- BThrough the selection of a random product
- CUsing a third-party audit report
- DBy choosing a major product
Explanation
A risk assessment should be performed at the individual product level when an organization has a critical vendor providing multiple products. This approach ensures that each product is evaluated for its specific risks, vulnerabilities, and impact on the organization. By assessing each product separately, the organization can identify and prioritize the risks associated with each product rather than making assumptions based on a single product or a general overview.
Community Discussion
No community discussion yet for this question.