CompTIA CASP+ (CAS-004) — Question 580

Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

Answer options

• A. To determine the scope of the risk assessment
• B. To determine the business owner(s) of the system
• C. To decide between conducting a quantitative or qualitative analysis
• D. To determine which laws and regulations apply

Correct answer: A

Explanation

The correct answer is A, as defining the security boundary helps to outline the limits and context of the risk assessment, ensuring all relevant assets are included. The other options, while important aspects of risk management, do not directly relate to the initial step of establishing the assessment's scope.