CompTIA SecurityX (CAS-005) — Question 212
A company that uses several cloud applications wants to properly identify:
• All the devices potentially affected by a given vulnerability
• All the internal servers utilizing the same physical switch
• The number of endpoints using a particular operating system
Which of the following is the best way to meet the requirements?
Answer options
- A. SBoM
- B. CASB
- C. GRC
- D. CMDB
Correct answer: D
Explanation
The correct answer is CMDB because it provides a comprehensive inventory of IT assets and their relationships, making it suitable for identifying affected devices and endpoints. SBoM focuses on software components, CASB is geared towards securing cloud services, and GRC is aimed at governance and compliance rather than asset management.