CompTIA CySA+ (CS0-002) — Question 303

As part of the senior leadership team's ongoing risk management activities, the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones. The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data. Which of the following would be appropriate for the security analyst to coordinate?

Answer options

• A. A black-box penetration testing engagement
• B. A tabletop exercise
• C. Threat modeling
• D. A business impact analysis

Correct answer: D

Explanation

The correct answer is D, a business impact analysis, as it evaluates the potential effects of a business process on operations and identifies the risks involved. The other options, while valuable, do not directly assess the impact of a new business process on existing infrastructure in the context of sensitive data management.