A cybersecurity team is struggling with vulnerability remediation. After patches are deployed, vulnerability scans frequently reveal that old vulnerabilities have reappeared or new misconfigurations have been introduced. The team concludes they cannot reliably track the security state of their assets over time. This prevents them from validating successful patching or identifying unauthorized changes. To create a more effective vulnerability management action plan, which of the following processes should the team implement to address this core problem?
Draft a new memorandum of understanding (MOU) with the IT team
Implement configuration management
Establish a more aggressive patch deployment schedule
Define a new service-level agreement (SLA) focused on remediation time
The correct answer is implementing configuration management. The scenario describes a problem where a lack of a reliable asset and configuration baseline leads to ineffective remediation and recurring vulnerabilities. Configuration management provides a systematic approach to maintaining an accurate inventory of all systems, their components, and their approved configurations (baselines). By tracking changes against this baseline, an organization can identify unauthorized or failed changes, validate that patches and security settings are correctly applied, and understand the impact of vulnerabilities. A more aggressive patching schedule would likely worsen the chaos without a stable configuration baseline. A memorandum of understanding (MOU) and service-level agreement (SLA) are important for defining responsibilities and performance targets but do not provide the technical mechanism needed to track and control system configurations.