CompTIA CASP+ (CAS-004) — Question 314

A cyberanalyst for a government agency is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

Answer options

• A. To validate the project participants
• B. To identify the network ports
• C. To document residual risks
• D. To evaluate threat acceptance

Correct answer: C

Explanation

The correct answer is C because a Privacy Impact Assessment is primarily focused on documenting residual risks associated with the handling of PII. Options A, B, and D do not accurately reflect the purpose of a Privacy Impact Assessment, as they pertain to project validation, network analysis, and threat evaluation, respectively.