CompTIA CASP+ (CAS-003) — Question 372

An organization that develops military technology is considering expansion into a foreign country. The organization's owners want to understand the risks associated with such an expansion, and the organization does not want to fund an intensive assessment. Which of the following approaches should be taken?

Answer options

• A. Penetration test
• B. Tabletop assessment
• C. Compliance assessment
• D. Configuration security test

Correct answer: B

Explanation

A Tabletop assessment is ideal for understanding risks in a low-cost and low-effort manner, making it suitable for the organization's needs. In contrast, a Penetration test focuses on identifying vulnerabilities rather than assessing risks, while a Compliance assessment checks adherence to standards, and a Configuration security test evaluates system settings, which are not aligned with the organization's goals.