CompTIA CySA+ CS0-003 Practice Question

A cybersecurity analyst is preparing a vulnerability management report and identifies a high-risk vulnerability on a system that is tightly governed by the organization's change management policies. The policy requires a two-week review period for any system changes, but the vendor has rated the vulnerability as 'critical' with a high likelihood of exploitation. In light of the existing organizational governance, which course of action should the analyst recommend in the vulnerability management report to address the risk adequately?

  • Suggest waiting for the two-week review period before any action, adhering to the strict change management policy.

  • Propose the creation of an exception in the governance policy for all vendor-rated critical vulnerabilities going forward.

  • Recommend implementing compensating controls and initiating an expedited review process for the patch deployment.

  • Advise immediate patch deployment to override the two-week review policy due to the vendor's critical rating.

Reporting and Communication