CompTIA CASP+ (CAS-004) — Question 630
Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
Answer options
- A. At the individual product level
- B. Through the selection of a random product
- C. Using a third-party audit report
- D. By choosing a major product
Correct answer: A
Explanation
The correct answer is A because performing the risk assessment at the individual product level allows a thorough evaluation of each product's specific risks. Options B and D are not effective: assessing a randomly selected product, or only a major product, does not ensure a comprehensive risk evaluation. Option C is also incorrect, since a third-party audit report may not cover all of the unique risks associated with each product.