CompTIA CySA+ (CS0-003) — Question 23
A security analyst needs to ensure that systems across the organization are protected based on the sensitivity of the content each system hosts. The analyst is working with the respective system owners to help determine the best methodology that seeks to promote confidentiality, availability, and integrity of the data being hosted. Which of the following should the security analyst perform first to categorize and prioritize the respective systems?
Answer options
- A. Interview the users who access these systems.
- B. Scan the systems to see which vulnerabilities currently exist.
- C. Configure alerts for vendor-specific zero-day exploits.
- D. Determine the asset value of each system.
Correct answer: D
Explanation
The correct answer is D. Determining the asset value of each system is crucial for understanding its importance and for prioritizing protection efforts based on content sensitivity. Options A and B gather user input and identify existing vulnerabilities; both are secondary steps that follow asset valuation. Option C focuses on threat detection rather than on categorizing and prioritizing systems.