A security architect at a large financial services company discovers that the IT department cannot produce a complete inventory of its server assets. This lack of visibility has led to several security incidents where unpatched, unknown systems were compromised. The architect needs to recommend a foundational solution that will serve as a single source of truth for all IT components and their relationships to improve overall security posture.
Which of the following should the architect recommend implementing?
A Governance, Risk, and Compliance (GRC) tool
A federated vulnerability scanning solution
A Configuration Management Database (CMDB)
A Security Information and Event Management (SIEM) system
A Configuration Management Database (CMDB) is the correct solution because its primary purpose is to store information about hardware and software assets (referred to as configuration items) and their relationships. Implementing a CMDB would provide a centralized, authoritative inventory, addressing the core problem of unknown assets and enabling better change management, vulnerability management, and risk assessment. A SIEM is used for log aggregation and analysis, a GRC tool manages policies and risk at a high level, and a vulnerability scanner identifies weaknesses but does not serve as a comprehensive asset inventory system.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are resource interdependencies?
Open an interactive chat with Bash
Why is storing data in one repository beneficial for security?
Open an interactive chat with Bash
What are some examples of tools for managing resource interdependencies?