Exam CV0-003 topic 1 question 6 discussion

Actual exam question from CompTIA's CV0-003
Question #: 6
Topic #: 1

A Chief Information Security Officer (CISO) is evaluating the company's security management program. The CISO needs to locate all the assets with identified deviations and mitigation measures. Which of the following would help the CISO with these requirements?

  • A. An SLA document
  • B. A DR plan
  • C. SOC procedures
  • D. A risk register
Suggested Answer: D

Comments

SimplyDebonair
Highly Voted 2 years, 9 months ago
Selected Answer: D
The correct answer would be “D.” A risk register would outline all the assets with identified deviations and their mitigation measures. It would also outline the risks, the risk(s) descriptions, the impact of the risks, and their likelihood of occurring. SOC procedures is poorly worded and doesn't clarify whether this is for your actual SOC's documentation/procedure processes, or if this is related to SOC reports (Type I, II, or III) when it comes to GRC or RMF functions.
upvoted 9 times
SimplyDebonair
2 years, 8 months ago
All-in-One CV0-003 pgs. 395-397

SOC Procedures – outlines the individual steps required to complete a task. Furthermore, security procedures ensure that those who follow the procedures will do the following:
  • Perform the task consistently.
  • Take the predictable amount of time to perform the task.
  • Require the same resources each time the task is performed.

Risk Register – a document that tracks: the list of risks, a description of the risk, the impact the risk would have on the business if actualized, and the likelihood of the risk.
  • Risk registers may document mitigating controls that reduce the risk. If they’re mentioned, the register will then show what the residual risk is after the mitigating control is factored in.
upvoted 7 times
Jt11
Highly Voted 2 years, 6 months ago
Selected Answer: D
Agree with you, it should be D Risk Register.
upvoted 5 times
kuzummjakk
Most Recent 9 months, 4 weeks ago
Selected Answer: D
The question is asking for the effect of a vulnerability scanner (in a confusing way) so yeah D.
upvoted 2 times
yyCherubim
1 year, 1 month ago
Selected Answer: D
Although testpreplabs states this answer is C, a risk register makes more sense to me.
upvoted 2 times