Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA SY0-701 Exam - Topic 4 Question 47 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 47
Topic #: 4
[All SY0-701 Questions]

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Show Suggested Answer Hide Answer
Suggested Answer: A

A full inventory of all hardware and software is essential for measuring the overall risk to an organization when a new vulnerability is disclosed, because it allows the security analyst to identify which systems are affected by the vulnerability and prioritize the remediation efforts. Without a full inventory, the security analyst may miss some vulnerable systems or waste time and resources on irrelevant ones.Documentation of system classifications, a list of system owners and their departments, and third-party risk assessment documentation are all useful for risk management, but they are not sufficient to measure the impact of a new vulnerability.:CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1221; Risk Assessment and Analysis Methods: Qualitative and Quantitative3


by Melissa at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium SY0-701 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dorethea
15 days ago
I lean towards B. Knowing system classifications helps prioritize vulnerabilities.
upvoted 0 times
...
Annice
21 days ago
I think A is crucial. Without a full inventory, how can you assess risk?
upvoted 0 times
...
Gertude
26 days ago
Wait, do people really not keep an inventory? That's wild!
upvoted 0 times
...
Carry
1 month ago
Totally agree with A! Can't measure risk without knowing what you have.
upvoted 0 times
...
Karl
1 month ago
Not sure if third-party risk assessments are necessary for every vulnerability.
upvoted 0 times
...
Vicki
1 month ago
I think documentation of system classifications is just as important.
upvoted 0 times
...
Yaeko
2 months ago
A full inventory of all hardware and software is crucial!
upvoted 0 times
...
Dalene
2 months ago
B, baby. Ain't no way you can measure risk without the system deets.
upvoted 0 times
...
Rose
2 months ago
Option B is the answer, no doubt. Anything less is just guessing.
upvoted 0 times
...
Adelle
2 months ago
B all the way. Unless you want to be flying blind when a new bug pops up.
upvoted 0 times
...
Carline
2 months ago
B is the obvious choice. How else are you gonna figure out what's at risk? Duh.
upvoted 0 times
...
Charlene
2 months ago
Option B, for sure. Gotta know your systems inside and out to gauge the vulnerability.
upvoted 0 times
...
Tonette
3 months ago
Definitely B. You can't measure risk without understanding what's at stake.
upvoted 0 times
...
Olive
3 months ago
I agree, B is the way to go. Knowing the sensitivity of your systems is key to evaluating the potential impact.
upvoted 0 times
...
Brandon
3 months ago
Option B is the correct answer. Documenting system classifications is crucial for assessing the risk of a new vulnerability.
upvoted 0 times
...
Lavonne
4 months ago
Third-party risk assessments might be relevant, but I wonder if they are as critical as having a complete inventory.
upvoted 0 times
...
Chauncey
4 months ago
I feel like knowing the system owners is important, but I can't recall how it directly ties into measuring overall risk.
upvoted 0 times
...
Alexia
4 months ago
I remember a practice question that emphasized the importance of system classifications. It seems like that could help in measuring risk too.
upvoted 0 times
...
Cory
4 months ago
I think having a full inventory of all hardware and software is crucial, but I'm not entirely sure if it's the only thing we need.
upvoted 0 times
...
Melynda
4 months ago
I'd say we need a combination of all those things to really assess the risk comprehensively. Gotta cover all our bases.
upvoted 0 times
...
Nina
4 months ago
The third-party risk assessment docs could give some good insight into vulnerabilities we might not have visibility on internally.
upvoted 0 times
...
Tarra
5 months ago
Definitely need to know who the system owners are and what departments they're in. That'll help figure out the business impact.
upvoted 0 times
...
Lashaunda
5 months ago
Hmm, I'm not sure. I feel like the system classifications and documentation would be just as important to understand the overall risk.
upvoted 0 times
...
Kenneth
5 months ago
I think a full inventory of all hardware and software would be really helpful to get a clear picture of what's at risk.
upvoted 0 times
...

Save Cancel