CompTIA Cloud+ (CV0-003) — Question 22

A Chief Information Security Officer (CISO) is evaluating the company's security management program. The CISO needs to locate all the assets with identified deviations and mitigation measures. Which of the following would help the CISO with these requirements?

Answer options

• A. An SLA document
• B. A DR plan
• C. SOC procedures
• D. A risk register

Correct answer: D

Explanation

The correct answer is D, a risk register, as it contains a comprehensive list of identified risks, including their deviations and mitigation measures. Options A, B, and C do not provide the necessary detailed information on risks and their management that a risk register offers.