CompTIA Security+ (SY0-701) — Question 93

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Answer options

• A. A full inventory of all hardware and software
• B. Documentation of system classifications
• C. A list of system owners and their departments
• D. Third-party risk assessment documentation

Correct answer: A

Explanation

Having a full inventory of all hardware and software is crucial for a security analyst to understand what assets are affected by a new vulnerability, leading to a more accurate risk assessment. The other options, while useful, do not provide the comprehensive view of the organization’s resources necessary for assessing overall risk effectively.