CompTIA Exam CAS-004 Topic 1 Question 76 Discussion

Actual exam question for CompTIA's CAS-004 exam

Question #: 76
Topic #: 1

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst's FIRST action?

ACreate a full inventory of information and data assets.

BAscertain the impact of an attack on the availability of crucial resources.

CDetermine which security compliance standards should be followed.

DPerform a full system penetration test to determine the vulnerabilities.

Show Suggested Answer

Suggested Answer: A

This is because a risk assessment requires identifying the assets that are valuable to the organization and could be targeted by attackers. A full inventory of information and data assets can help the analyst prioritize the most critical assets and determine their potential exposure to threats. Without knowing what assets are at stake, the analyst cannot effectively assess the risk level or the impact of an attack. Creating an inventory of assets is also a prerequisite for performing other actions, such as following compliance standards, measuring availability, or conducting penetration tests.

by Shantell at Jul 04, 2025, 07:56 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF