Free CompTIA CySA+ CS0-003 Practice Question

A security analyst is tasked with the vulnerability management process in an organization that follows strict regulatory compliance. After the latest vulnerability scan, several issues have been identified, but due to resource constraints not all can be immediately addressed. Which of the following should be the FIRST step in prioritizing which vulnerabilities to mitigate?

  • Prioritize based on which vulnerabilities require a patch available from the software vendor.

  • Rank the vulnerabilities based on the potential scope of impact alone.

  • Apply risk management principles to determine the level of threat each vulnerability poses to the organization.

  • List the vulnerabilities in descending order of asset criticality.

This question's topic: CompTIA CySA+ CS0-003 / Vulnerability Management