Exam CAS-004 topic 1 question 26 discussion

Actual exam question from CompTIA's CAS-004
Question #: 26
Topic #: 1

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?

  • A. Create a full inventory of information and data assets.
  • B. Ascertain the impact of an attack on the availability of crucial resources.
  • C. Determine which security compliance standards should be followed.
  • D. Perform a full system penetration test to determine the vulnerabilities.
Suggested Answer: A

Comments

RevZig67
Highly Voted 2 years, 11 months ago
Selected Answer: A
You need to know what you got first.
upvoted 9 times
blacksheep6r
Most Recent 2 months, 2 weeks ago
Selected Answer: A
Why A is the Best Answer:
✔ You can't protect what you don't know exists – Creating an inventory of information and data assets is the first step in risk assessment.
✔ Understanding assets allows proper risk prioritization – Some assets are more critical than others (e.g., customer PII vs. public marketing materials).
✔ A strong asset inventory helps in compliance, security planning, and risk mitigation.
upvoted 2 times
ServerBrain
9 months, 2 weeks ago
Selected Answer: A
NIST Step 1: Prioritize and Scope.
upvoted 1 times
BiteSize
1 year, 9 months ago
Selected Answer: A
CIS Control 1: Hardware and Software Inventory. You can't defend or protect when you don't know what you have. Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)
upvoted 2 times
Cosmic_robot
2 years ago
Selected Answer: A
Need to know your assets first in order to move forward.
upvoted 3 times
Andre876
2 years, 5 months ago
I would say C is the answer because, in order to know which assets are important, you have to know what framework/guidelines the company has to follow. For example, the risks of a financial org may be different from those of a hospital.
upvoted 1 times
blacksheep6r
2 months, 2 weeks ago
C) Determine which security compliance standards should be followed. Compliance is critical, but you must first identify assets before determining applicable regulations (e.g., HIPAA for healthcare, PCI-DSS for payment data).
upvoted 1 times
Andre876
2 years, 4 months ago
Retracting. The answer is A
upvoted 5 times
Boats
2 years, 8 months ago
Selected Answer: A
You might, and probably would, do a vulnerability assessment with multiple security compliance standards in mind, but to do it you first need an inventory.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted