A business analyst is drafting a risk assessment Which of th

A business analyst is drafting a risk assessment which of th - CompTIA CLO-002

Question

A business analyst is drafting a risk assessment. Which of the following components should be included in the draft? (Choose two.)

Answers

correct

Asset management
Database type
Encryption algorithms
Certificate name
Asset inventory
correct

Data classification

Explanation

Correct Answers: A. Asset management and F. Data classification

A. Asset management

Asset management involves identifying, tracking, and managing the assets that are critical to an organization's operations, including hardware, software, data, and systems. It is essential in a risk assessment to understand what assets exist, their importance, and their vulnerabilities.

Why it’s correct:
A risk assessment requires a clear understanding of the organization's assets to identify potential risks and their impact.
- Example: Knowing which servers host sensitive customer data helps assess the risk of a data breach.

F. Data classification

Data classification involves categorizing data based on its sensitivity, importance, and the level of protection it requires (e.g., public, confidential, highly confidential). It helps prioritize risks and determine the necessary security controls.

Why it’s correct:
Risk assessments must consider how data is classified to evaluate the potential impact of its exposure or loss.
- Example: A risk assessment might highlight the need for stronger controls for "confidential" data compared to "public" data.

Why the Other Options Are Incorrect:

Database type (Incorrect)

While knowing the database type (e.g., SQL, NoSQL) may be relevant for system design or security implementation, it is not a critical component of a risk assessment, which focuses on assets, risks, and impacts.

Encryption algorithms (Incorrect)

Encryption algorithms are a technical detail of how data is protected, not a component of a risk assessment. Risk assessments focus on identifying and evaluating risks, not specifying implementation details.

Certificate name (Incorrect)

Certificate names are specific to authentication and encryption mechanisms. While certificates are part of securing systems, their specific names are irrelevant in a broad risk assessment.

Asset inventory (Incorrect)

While related to asset management, an asset inventory is a detailed list of assets and is a subset of asset management. Asset management includes not just listing assets but also evaluating their value and importance, making it the more comprehensive and relevant choice.

View Full Course Content Try our Free Questions

No Payment Cards Needed

CompTIA Cloud Essentials+ CLO-002 exam

Normally $89

$45/month

Subjects Included

CompTIA Cloud Essentials+ CLO-002

Additional Features

Over 300 Practice Questions with Answers
Quizzes in every Lesson Provided
Detailed Analysis of Questions with Answers and Explanations
Detailed Notes with Chapters, Topics & Lessons
24/7 Live chat support
24/7 WhatsApp support
One Full Month Access

Get Started

View Other Pricing Plans

CompTIA Prep

CompTIA Cloud+ CV0-004

Start Course Prep

CompTIA Prep

CompTIA Server+ SK0-005

Start Course Prep

Easy way to pass your test within a week with prepsaret

You don’t need one month to study and pass your test.
With Prepsaret, it takes you a few days to grasp all the concepts needed to pass your exams

View Courses Offered