CompTIA SY0-701 Exam - Topic 4 Question 47 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 47
Topic #: 4

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Suggested Answer: A

A full inventory of all hardware and software is essential for measuring the overall risk to an organization when a new vulnerability is disclosed, because it allows the security analyst to identify which systems are affected by the vulnerability and prioritize the remediation efforts. Without a full inventory, the security analyst may miss some vulnerable systems or waste time and resources on irrelevant ones. Documentation of system classifications, a list of system owners and their departments, and third-party risk assessment documentation are all useful for risk management, but they are not sufficient to measure the impact of a new vulnerability.

References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1221; Risk Assessment and Analysis Methods: Qualitative and Quantitative3


Tonette
3 days ago
Definitely B. You can't measure risk without understanding what's at stake.
upvoted 0 times
...
Olive
8 days ago
I agree, B is the way to go. Knowing the sensitivity of your systems is key to evaluating the potential impact.
upvoted 0 times
...
Brandon
13 days ago
Option B is the correct answer. Documenting system classifications is crucial for assessing the risk of a new vulnerability.
upvoted 0 times
...
Lavonne
18 days ago
Third-party risk assessments might be relevant, but I wonder if they are as critical as having a complete inventory.
upvoted 0 times
...
Chauncey
24 days ago
I feel like knowing the system owners is important, but I can't recall how it directly ties into measuring overall risk.
upvoted 0 times
...
Alexia
29 days ago
I remember a practice question that emphasized the importance of system classifications. It seems like that could help in measuring risk too.
upvoted 0 times
...
Cory
1 month ago
I think having a full inventory of all hardware and software is crucial, but I'm not entirely sure if it's the only thing we need.
upvoted 0 times
...
Melynda
1 month ago
I'd say we need a combination of all those things to really assess the risk comprehensively. Gotta cover all our bases.
upvoted 0 times
...
Nina
1 month ago
The third-party risk assessment docs could give some good insight into vulnerabilities we might not have visibility on internally.
upvoted 0 times
...
Tarra
2 months ago
Definitely need to know who the system owners are and what departments they're in. That'll help figure out the business impact.
upvoted 0 times
...
Lashaunda
2 months ago
Hmm, I'm not sure. I feel like the system classifications and documentation would be just as important to understand the overall risk.
upvoted 0 times
...
Kenneth
2 months ago
I think a full inventory of all hardware and software would be really helpful to get a clear picture of what's at risk.
upvoted 0 times
...
