CompTIA Security+ (SY0-601) — Question 665

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

Answer options

• A. Shared deployment of CIS baselines
• B. Joint cybersecurity best practices
• C. Both companies following the same CSF
• D. Assessment of controls in a vulnerability report

Correct answer: C

Explanation

The correct choice is C, as having both companies follow the same Cybersecurity Framework (CSF) ensures a consistent and standardized approach to security across both organizations. Options A and B suggest collaboration but do not guarantee uniformity, while D focuses on assessing controls rather than establishing a standardized framework.