SY0-701 Question #611: Real Exam Question with Answer & Explanation
The correct answer is A: Software vulnerabilities.
Question
A company is performing a risk assessment on new software the company plans to use. Which of the following should the company assess during this process?
Options
- A. Software vulnerabilities
- B. Cost-benefit analysis
- C. Ongoing monitoring strategies
- D. Network infrastructure compatibility
Explanation
Software vulnerabilities (A) are the correct focus because risk assessment is specifically about identifying and evaluating threats, weaknesses, and potential harms - and known vulnerabilities in software directly represent security and operational risks the company would inherit by adopting it.
Why the distractors are wrong:
- B (Cost-benefit analysis) belongs to the procurement/decision-making phase, not risk assessment - it weighs financial value, not risk exposure.
- C (Ongoing monitoring strategies) is a risk response/management activity that comes after the assessment, during implementation planning.
- D (Network infrastructure compatibility) is a technical compatibility or integration concern, not a risk assessment item - compatibility issues are operational, not risk-based threats.
Memory tip: Think of risk assessment as answering "What can go wrong and how bad would it be?" - vulnerabilities are what can go wrong. The other options answer different questions: "Is it worth it?" (B), "How do we watch it?" (C), and "Will it work with our systems?" (D).