CompTIA CySA+ (CS0-002) — Question 186

As part of a merger with another organization, a Chief Information Security Officer (CISO) is working with an assessor to perform a risk assessment focused on data privacy compliance. The CISO is primarily concerned with the potential legal liability and fines associated with data privacy. Based on the CISO’s concerns, the assessor will most likely focus on:

Answer options

• A. qualitative probabilities.
• B. quantitative probabilities.
• C. qualitative magnitude.
• D. quantitative magnitude.

Correct answer: D

Explanation

The correct answer, D, refers to quantitative magnitude, which deals with the measurable impact and potential financial consequences of data privacy issues, aligning with the CISO's focus on legal liability and fines. The other options focus on qualitative aspects or probabilities, which do not directly address the CISO's primary concern regarding the quantifiable risks associated with data privacy compliance.