CompTIA CASP+ (CAS-004) — Question 500
A company performs an annual attack surface analysis and identifies a large number of unexpected, external-facing systems. The Chief Information Security Officer wishes to ensure this issue does not reoccur. Which of the following should the company do?
Answer options
- A. Update the company’s risk profile.
- B. Minimize errors in the risk assessment metrics.
- C. Continuously monitor key risk indicators.
- D. Reduce the costs associated with performing risk assessments.
Correct answer: C
Explanation
The correct answer is C: continuously monitoring key risk indicators lets the company identify and address potential vulnerabilities proactively, instead of discovering them only during the annual analysis. Options A and B do not ensure ongoing oversight, while D focuses on cost reduction rather than risk management.