
Exam CAS-003 topic 1 question 160 discussion

Actual exam question from CompTIA's CAS-003
Question #: 160
Topic #: 1

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.
Which of the following BEST meets the needs of the board?

  • A.
    KRI:
    - Compliance with regulations
    - Backlog of unresolved security investigations
    - Severity of threats and vulnerabilities reported by sensors
    - Time to patch critical issues on a monthly basis
    KPI:
    - Time to resolve open security items
    - % of suppliers with approved security control frameworks
    - EDR coverage across the fleet
    - Threat landscape rating
  • B.
    KRI:
    - EDR coverage across the fleet
    - Backlog of unresolved security investigations
    - Time to patch critical issues on a monthly basis
    - Threat landscape rating
    KPI:
    - Time to resolve open security items
    - Compliance with regulations
    - % of suppliers with approved security control frameworks
    - Severity of threats and vulnerabilities reported by sensors
  • C.
    KRI:
    - EDR coverage across the fleet
    - % of suppliers with approved security control framework
    - Backlog of unresolved security investigations
    - Threat landscape rating
    KPI:
    - Time to resolve open security items
    - Compliance with regulations
    - Time to patch critical issues on a monthly basis
    - Severity of threats and vulnerabilities reported by sensors
  • D.
    KPI:
    - Compliance with regulations
    - % of suppliers with approved security control frameworks
    - Severity of threats and vulnerabilities reported by sensors
    - Threat landscape rating
    KRI:
    - Time to resolve open security items
    - Backlog of unresolved security investigations
    - EDR coverage across the fleet
    - Time to patch critical issues on a monthly basis
Suggested Answer: A

Comments

D1960
3 years, 11 months ago
Maybe B or C? One metric I feel fairly certain is a KRI is "Threat landscape rating." No way that could be a performance rating. This would narrow it down to B or C. Of those two choices, I would lean towards C.
upvoted 2 times
D1960
4 years ago
Key Risk Indicators (KRI) are metrics that predict potential risks. Key Performance Indicators (KPI) measure progress toward an intended result. The problem is, since you are always working towards eliminating as much risk as you practically can, the same item might seem like both a KPI and a KRI. For example: a company wants "compliance with regulations" to be 100%. So if compliance is 50%, that tells the company their *performance* in that regard. Or another way to look at it: the company is at 50% *risk* of being out of compliance. The better your "EDR coverage across the fleet", the lower your *risk*, which means that "EDR coverage across the fleet" is a measurement of *performance* towards lowering that risk.
upvoted 2 times
qwertybob
4 years, 10 months ago
The only issue I see with A as the answer is time to patch critical issues. A KPI is a quantifiable metric. That should have been a KPI. I am leaning towards C as the answer.
upvoted 2 times
D1960
4 years, 3 months ago
I think "Compliance with regulations" has to come first. I also think that is a risk indicator, not a performance indicator. Tough call, but I think I will stick with A.
upvoted 1 times
TheThreatGuy
4 years, 2 months ago
I think "Compliance with regulations" is a KPI. KPIs look backward, KRIs look forward. Compliance is what we did, not what we predict. I think C here.
upvoted 2 times
D1960
4 years ago
Key Performance Indicators (KPI) measure progress toward an intended result. So I can see how "Compliance with regulations" is a KPI. But if that is a KPI, then why isn't "EDR coverage across the fleet" also a KPI, and not a KRI?
upvoted 1 times
D1960
3 years, 11 months ago
No way "threat landscape rating" could be a KPI.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other