CompTIA CASP+ (CAS-004) — Question 623

A company is adopting a new artificial-intelligence-based analytics SaaS solution. This is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk in adopting this solution?

Answer options

• A. The inability to assign access controls to comply with company policy
• B. The inability to require the service provider process data in a specific country
• C. The inability to obtain company data when migrating to another service
• D. The inability to conduct security assessments against a service provider

Correct answer: C

Explanation

The greatest risk is the inability to obtain company data when migrating to another service, as this could hinder future flexibility and control over data. Options A and B present concerns regarding compliance and jurisdiction but are not as critical as data access during migration. Option D relates to security assessments, which are important but do not impact data ownership and accessibility as directly as option C does.