CompTIA CySA+ CS0-003 Practice Question
During a routine vulnerability assessment, it is discovered that a financial application critical to year-end reporting contains a vulnerability that, if exploited, could compromise sensitive financial data. The patch for this vulnerability would necessitate multiple service interruptions over a week. With year-end financial processes pending, which recommendation should the cybersecurity analyst prioritize in the action plan to ensure the least disruption while maintaining security?
Proceed with repatching during the year-end processing period due to the critical nature of the vulnerability.
Increase logging and monitoring around the financial application but do not apply the patch or any compensating controls until an assessment post year-end is conducted.
Implement compensating controls and defer patching until after the year-end processing, minimizing disruption to business operations.
Leave the system unpatched and accept the risk because year-end reporting is considered a higher priority.