Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
A. To provide data to quantify risk based on the organization's systems
B. To keep all software and hardware fully patched for known vulnerabilities
C. To only allow approved, organization-owned devices onto the business network
D. To standardize by selecting one laptop model for all users in the organization
The most reasonable answer is B. https://www.passportalmsp.com/blog/asset-tracking-managed-service-provider
A - partially true, because it only says about risk assessment, which itself does not "aids in ensuring the security of an organization"
C - partially true, with asset management, it would also require 802.1x (or PNAC). Also, BYOD will never go to corp network, you will most probably go on guest and use VPN to access corp resources.
D - not true, no explanation needed
A. To provide data to quantify risk based on the organization's systems.
Maintaining a functional and effective asset management policy is essential for ensuring the security of an organization. This policy enables the organization to identify all assets, such as hardware, software, and data, that exist within its environment. Once all assets are identified, the organization can determine their value, the risks associated with each asset, and the controls needed to protect those assets from threats.
By having a clear picture of the organization's systems and assets, it becomes possible to identify vulnerabilities and prioritize efforts to address them. A well-executed asset management policy can provide the data necessary to quantify risk based on the organization's systems, which is crucial for effective risk management.
While keeping software and hardware patched, only allowing approved devices onto the network, and standardizing hardware may all be important components of an asset management policy, they are not the primary reason for maintaining such a policy.
Though providing data to quantify the risk may show what the company faces in the context of risk, it does nothing to address the actual risk where keeping a list of all software and hardware to update regularly would address the risk.
A, because while you can keep patches and the like up to date, a more general view is better in this case. For example, finding out a Zero Day just came out is a minor panic event. Determining that your systems either are or are not affected will change your security posture regarding those systems. Quantifying risk overall is better than just ensuring patches are up to date. Not that B is wrong, it's a valid reason. It's that A is a "better" reason. And that's part of the reason I hate CompTIA questions. Because they present 2 very valid answers and the correct answer can almost be a matter of opinion from the question writer.
The worst questions and answers I've ever seen for any IT exam I've ever taken, and I've taken a lot from a lot of different companies such as Dell, EMC, Microsoft, Red Hat. Most of the time multiple answers are correct and would work in the real world as a solution, but here we're somehow meant to read the mind of the person asking the question.
I was going with A until I asked ChatGPT in precise mode:
All of the options listed are valid reasons for maintaining an asset management policy. However, the BEST reason would be Option B: To keep all software and hardware fully patched for known vulnerabilities.
An effective asset management policy helps an organization keep track of all its assets, including software and hardware. This allows the organization to ensure that all assets are up-to-date with the latest patches, which is crucial for mitigating known vulnerabilities and enhancing the overall security posture of the organization.
While the other options also contribute to the security of an organization, keeping software and hardware fully patched is a fundamental and proactive measure in cybersecurity.
Guys, Shadow IT is the enemy. Asset Control is how you find the bastards. Some egotistical prick manager has a vendor put an unpatched server or misconfigured one on your network and it's like you're walking around with your pants down. Wide open door to hackers. Pick C
I came here after I got this question in my CompTIA Sec+ exam.
I answered B because the question asks which is the best for security purpose.
Following Prof. Messer study notes, A, B and C are part of asset management policy, but the best one to help security is B.
Still don't know if I have answered correctly.
B. To keep all software and hardware fully patched for known vulnerabilities
The purpose of an Asset Management Policy is to have documentation that allows for the proper acquirement, maintenance, management, and value of an organization's assets. Patching known vulnerabilities specifically speaks to the security of the organization.
Even though having a list of assets is helpful in A. "quantifying risk" that is not specifically ensuring the security of the organization. D. has nothing to do with security and C. is more about security but leans more towards a Network Security Policy not really about the Assets Management Policy.
This one was in my exam Oct 28, 2023. I went with B.
Passed with 790. About 50% questions were from this dump but I don't have the contributor access.
3 Simulations: Firewalls, Attacks and data classification. Other questions were not that difficult, just new to me; few were bizarre but that's CompTIA for you. Good luck folks.
The BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization is:
A. To provide data to quantify risk based on the organization's systems.
Effective asset management provides an organization with a clear understanding of its IT assets, including hardware, software, and data. This data is crucial for quantifying risk because it allows the organization to identify vulnerabilities, assess potential threats, and understand the impact of asset-related risks on the organization. Without a comprehensive view of their assets, organizations cannot accurately quantify the risks they face, making it difficult to implement security measures effectivel
So I think we just need to rephrase the question, and it goes like this: "What is the reason why you need to have an effective asset management policy when it comes to security?"
What does effective cybersecurity asset management do? It helps you:
Monitor all assets' lifecycle from new asset creation to the point that it becomes obsolete and must be disposed of
Ensure that cyber assets remain secure and compliant << I would like to focus more on this one
Spot unknown assets and bring them under management for their protection
Regularly maintain assets to detect unauthorized changes
Gain insight into your internal and external attack surface
So there you have it. I do not think it provides any quantifiable data but more of protecting your organization; that is why I selected B.
Maintaining an asset management policy helps in identifying and tracking all the assets (hardware, software, devices) within the organization's environment. By having accurate and up-to-date information about the organization's systems, it becomes possible to assess and quantify the associated risks. This information is crucial for making informed decisions regarding security controls, prioritizing security measures, and allocating resources effectively.
"The key here is that with an ITAM [IT asset management] system in place, an organization can readily track IT assets throughout their lifespan, from acquisition to modification, from assignment to users, to upgrade needs and actual upgrades, and finally to destruction or recycling at end of life. ITAM monitors systems for hardware and software installations that aren’t on the approved list (naughty, naughty!) and any new vulnerabilities that crop up, plus the updates and patches needed to address those vulnerabilities."
-Mike Meyers' Security+ Certification Guide Third Edition SY0-601
"Asset Management: If we had an up-to-date asset register coupled with a standard naming convention of different assets, we could keep track of all our assets and ensure they were accounted for and fully patched. Security administrators could compare the asset management register to unknown devices that could be identified as rogue devices on the network."
-Security+ SY0-601 Certification Guide Second Edition by Ian Neil
Community vote distribution: A (35%), C (25%), B (20%), Other