Free CompTIA CySA+ CS0-003 Practice Question

During a routine vulnerability assessment, it is discovered that a financial application critical to year-end reporting contains a vulnerability that, if exploited, could compromise sensitive financial data. The patch for this vulnerability would necessitate multiple service interruptions over a week. With year-end financial processes pending, which recommendation should the cybersecurity analyst prioritize in the action plan to ensure the least disruption while maintaining security?

  • Increase logging and monitoring around the financial application but do not apply the patch or any compensating controls until an assessment post year-end is conducted.

  • Proceed with repatching during the year-end processing period due to the critical nature of the vulnerability.

  • Implement compensating controls and defer patching until after the year-end processing, minimizing disruption to business operations.

  • Leave the system unpatched and accept the risk because year-end reporting is considered a higher priority.

This question's topic: CompTIA CySA+ CS0-003 / Reporting and Communication