CompTIA CySA+ (CS0-002) — Question 134
Which of the following is a reason to use a risk-based cybersecurity framework?
Answer options
- A. A risk-based approach always requires quantifying each cyber risk faced by an organization.
- B. A risk-based approach better allocates an organization's resources against cyberthreats and vulnerabilities.
- C. A risk-based approach is driven by regulatory compliance and is required for most organizations.
- D. A risk-based approach prioritizes vulnerability remediation by threat hunting and other qualitative-based processes.
Correct answer: B
Explanation
B is correct because a risk-based approach optimizes resource allocation so that the most significant cyberthreats and vulnerabilities are addressed effectively. Option A is incorrect because quantifying each risk is not always necessary. Option C misrepresents the primary motivation for a risk-based approach, which is not solely regulatory compliance. Option D focuses on a specific process rather than the overall resource allocation benefit of a risk-based approach.