CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

A cybersecurity analyst is preparing a vulnerability management report and identifies a high-risk vulnerability on a system that is tightly governed by the organization's change management policies. The policy requires a two-week review period for any system changes, but the vendor has rated the vulnerability as 'critical' with a high likelihood of exploitation. In light of the existing organizational governance, which course of action should the analyst recommend in the vulnerability management report to address the risk adequately?

  • Recommend implementing compensating controls and initiating an expedited review process for the patch deployment.

  • Suggest waiting for the two-week review period before any action, adhering to the strict change management policy.

  • Advise immediate patch deployment to override the two-week review policy due to the vendor's critical rating.

  • Propose the creation of an exception in the governance policy for all vendor-rated critical vulnerabilities going forward.

This question is for objective:
Reporting and Communication
Your Score:
Reporting and Communication
Security Operations