CompTIA Security+ (SY0-601) — Question 643
The application development teams have been asked to answer the following questions:
• Does this application receive patches from an external source?
• Does this application contain open-source code?
• Is this application accessible by external users?
• Does this application meet the corporate password standard?
Which of the following are these questions part of?
Answer options
- A. Risk control self-assessment
- B. Risk management strategy
- C. Risk acceptance
- D. Risk matrix
Correct answer: A
Explanation
The correct answer is A: the questions ask the development teams to assess the risks associated with the application's security and compliance. Options B, C, and D refer to broader or different aspects of risk management that do not focus on assessing controls and vulnerabilities, as these questions do.