✅ A. At the individual product level
🔍 Explanation:
When a critical vendor supplies multiple products, a proper risk assessment should be conducted for each product individually. This is because:
Each product may have different security risks, data sensitivities, compliance requirements, or integration points with your systems.
Assessing risk at the vendor level alone may miss product-specific vulnerabilities or operational dependencies.
❌ Why the other options are incorrect:
B. Through the selection of a random product
This introduces bias and does not ensure full visibility into the vendor's risk posture.
C. Using a third-party audit report
Helpful as supplemental evidence, but not a replacement for a tailored risk assessment.
D. By choosing a major product
May miss risks in less critical but still impactful products.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CAS-005 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
vicbersong
1 week, 1 day ago