CompTIA CASP+ (CAS-004) — Question 51

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?

Answer options

• A. Create a full inventory of information and data assets.
• B. Ascertain the impact of an attack on the availability of crucial resources.
• C. Determine which security compliance standards should be followed.
• D. Perform a full system penetration test to determine the vulnerabilities.

Correct answer: A

Explanation

The correct answer is A because establishing a full inventory of information and data assets is essential for understanding what needs protection and assessing risks. The other options, while important, come after the initial step of identifying and cataloging assets, which forms the foundation for further risk analysis and compliance considerations.