CompTIA SecurityX (CAS-005) — Question 133

Following a security incident, a company decides to improve its device management. The company establishes the following requirements for the new process:

• EOL devices must be properly replaced in a timely manner.
• Accurate, detailed information about the devices must be available in a centralized repository.

Which of the following should the company do to meet these requirements? (Choose two.)

Answer options

• A. Configure agent-based vulnerability scanning tools.
• B. Implement an asset management life cycle.
• C. Switch to a BYOD policy.
• D. Transition to a virtual desktop infrastructure.
• E. Establish a quality assurance program.
• F. Maintain a configuration management database.

Correct answer: B, F

Explanation

The correct answers are B and F because implementing an asset management life cycle ensures timely replacement of EOL devices and provides a framework for managing device information. Maintaining a configuration management database also supports accurate, centralized device information. The other options do not directly address the requirements of timely replacement and centralized information management.