CompTIA SecurityX (CAS-005) — Question 203
A company must meet the following security requirements when implementing controls in order to be compliant with government policy:
• Access to the system document repository must be MFA-enabled.
• Ongoing risk monitoring must be displayed on a system dashboard.
• Staff must receive email notifications about periodic tasks.
Which of the following best meets all of these requirements?
Answer options
- A. Implementing a GRC tool
- B. Configuring a privileged access management system
- C. Launching a vulnerability management program
- D. Creating a risk register
Correct answer: A
Explanation
Implementing a GRC tool is the most suitable choice as it provides governance, risk management, and compliance capabilities, including MFA for access, dashboards for risk monitoring, and notification systems for staff. The other options, while beneficial, do not comprehensively address all the specified requirements. For instance, a privileged access management system focuses on access control but lacks the broader compliance features needed.