CompTIA Security+ (SY0-701) — Question 134

A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

Answer options

• A. Continuous
• B. Ad hoc
• C. Recurring
• D. One time

Correct answer: C

Explanation

The correct answer is C, Recurring, because it indicates that the assessment must be done repeatedly over time, specifically annually. Options A and B do not imply regularity in timing, while D suggests a one-off assessment which does not meet the annual requirement.