Free CompTIA CySA+ CS0-003 Practice Question

As a Security Analyst for a large organization, you have identified a low-severity vulnerability on a server hosting a non-essential marketing website. The server is isolated from the internal network and contains no sensitive data. The vulnerability does not have a known exploit, and fixing it would require taking the server offline during a major marketing campaign. What is the MOST appropriate risk management action to take in this scenario?

  • Document the vulnerability and accept the risk until the campaign is over.

  • Ignore the vulnerability since it has no known exploit and is not critical.

  • Immediately patch the vulnerability, causing downtime during the marketing campaign.

  • Decommission the server as no vulnerability should be left unaddressed.

This question's topic: CompTIA CySA+ CS0-003 / Vulnerability Management