Exam CS0-003 topic 1 question 83 discussion

This one is pretty tough. TBH, I feel like A could also be the answer. The question states the analyst is "working with the respective system owners to help determine the best methodology... to promote confidentiality, availability, and integrity...". So clearly, it's a collaborative effort. The issue is, differentiating between system owners (question) and users (answer). Why would you interview the users and not the owners? The end users most likely don't have the knowledge required to best determine the security method. This would be system owners, so read answer choice A carefully. You're interviewing users, NOT owners. D is my vote. The higher the asset value, the greater the need to secure it. Think of a crown jewel. That gets priority.

My answer would be D. I believe the question is aimed around "Risk Calculation". Quantitative Risk & Qualitative Risk. Risk = Probability x Impact. Answer leaning towards D (& not A) because the question doesn't mention users (qualitative) but moreso the owners (quantitative). Quantitiative; suggesting "Single Loss Expectancy (SLE)", which is calculated SLE = AV x EF AV= Asset Value, EF= Exposure Factor. I was leaning towards A initially, but reading the question suggests owners (and not users), so it's down to how much money are they willing to lose if they lost services/data. D. Company reputation etc etc.

Agree that asset value should come from owners, not users.

Selected answer: A. It is part of your requirements gathering. It is the same question on the previous version exam and that was the answer on that version.

Correct To categorize and prioritize the respective systems based on their sensitivity and the importance of the data they host, the security analyst should first determine the asset value of each system. This involves assessing the value of the information hosted on each system, the potential impact of a breach or compromise, and the criticality of the system to the organization's operations.