Free CompTIA CySA+ CS0-003 Practice Question

A cybersecurity analyst is preparing a vulnerability management report and identifies a high-risk vulnerability on a system that is tightly governed by the organization's change management policies. The policy requires a two-week review period for any system changes, but the vendor has rated the vulnerability as 'critical' with a high likelihood of exploitation. In light of the existing organizational governance, which course of action should the analyst recommend in the vulnerability management report to address the risk adequately?

  • Suggest waiting for the two-week review period before any action, adhering to the strict change management policy.

  • Advise immediate patch deployment to override the two-week review policy due to the vendor's critical rating.

  • Propose the creation of an exception in the governance policy for all vendor-rated critical vulnerabilities going forward.

  • Recommend implementing compensating controls and initiating an expedited review process for the patch deployment.

This question's topic: CompTIA CySA+ CS0-003 / Reporting and Communication