CompTIA SecurityX (CAS-005) — Question 288
Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
Answer options
- A. At the individual product level
- B. Through the selection of a random product
- C. Using a third-party audit report
- D. By choosing a major product
Correct answer: A
Explanation
The correct approach is to assess risk at the individual product level since each product may carry different risks. Random selection or focusing only on a major product may overlook critical vulnerabilities in other products. A third-party audit report can provide insights, but it does not replace the need for direct assessment of each product.