CompTIA CySA+ CS0-003 Practice Question
A medium-sized financial organization with a strong online presence is revising its vulnerability management policy to ensure compliance with industry standards and to better protect client data against recent threats. As a cybersecurity analyst, you are asked to align the vulnerability management policy with the organization's service-level objectives. Which of the following activities would be MOST appropriate to undertake first?
Review the organization's service-level objectives to assess their compatibility with the desired vulnerability management policy outcomes.
Implement a new vulnerability scanning tool with the capability to perform continuous monitoring, assuming it will meet all service-level objectives.
Immediately schedule regular vulnerability scans during peak business hours to maximize the detection of vulnerabilities.
Advise the IT department to deploy a new patch management system without reviewing how it aligns with current service metrics.