CompTIA CySA+ Practice Questions: Risk Management

17 free, exam-style CompTIA CySA+ (CS0-003) practice questions covering Risk Management. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.


Q1. What is the main purpose of a risk register? (Q-627ff0)

Explanation: Risk registers track identified risks and mitigation strategies.

Q2. What is the MAIN risk of shadow IT? (Q-627ff5)

Explanation: Shadow IT refers to unauthorized systems that bypass organizational security policies.

Q3. What is the purpose of a BIA in risk management? (Q-627ff9)

Explanation: Business Impact Analysis (BIA) identifies essential functions and their recovery needs.

Q4. What is the PRIMARY purpose of a risk assessment? (Q-628010)

Explanation: Risk assessments identify threats and prioritize mitigation efforts.

Q5. What is the PRIMARY risk of using third-party software repositories? (Q-628020)

Explanation: Unofficial repositories may host maliciously modified packages.

Q6. Which of the following is an example of a compensating control? (Q-924486)

Explanation: Compensating controls mitigate risks when primary controls aren't feasible.

Q7. Which NIST CSF function includes asset management? (Q-924488)

Explanation: The Identify function covers asset and risk management.

Q8. What does CARTA stand for in security strategy? (Q-628027)

Explanation: CARTA advocates for real-time, adaptive security decisions.

Q9. What is the PRIMARY purpose of a chaos engineering practice? (Q-628036)

Explanation: Chaos engineering tests system reliability by simulating failures.

Q10. What does SBOM stand for in software supply chain security? (Q-628041)

Explanation: SBOMs inventory software components to track vulnerabilities.

Q11. What is the PRIMARY purpose of the ACSC Essential Eight? (Q-628047)

Explanation: Australia's Essential Eight outlines key security controls for cyber resilience.

Q12. What does SBOM stand for in software supply chain security? (Q-628063)

Explanation: SBOMs inventory software components to track vulnerabilities.

Q13. What is the PRIMARY purpose of the ACSC Essential Eight? (Q-628065)

Explanation: Australia's Essential Eight outlines key security controls.

Q14. What does SBOM stand for in software supply chain security? (Q-628069)

Explanation: SBOMs inventory software components to track vulnerabilities.

Q15. What is the PRIMARY purpose of the ACSC Essential Eight? (Q-628075)

Explanation: Australia's Essential Eight outlines key security controls.

Q16. What does SBOM stand for in software supply chain security? (Q-628079)

Explanation: SBOMs inventory software components to track vulnerabilities.

Q17. What is the PRIMARY purpose of the ACSC Essential Eight? (Q-628085)

Explanation: Australia's Essential Eight outlines key security controls.
