CompTIA CySA+ CS0-003 Practice Question

Your organization employs a proprietary industrial control system (ICS) in its manufacturing process. There are known vulnerabilities for which no patches exist due to the out-of-support nature of the system. As a cybersecurity analyst preparing a vulnerability management report, how should you classify this issue taking into account the inhibitors to remediation?

  • Indicate that no action is needed while accepting all inherent risks because the system is proprietary.

  • Advise the immediate discontinuation of the proprietary system until a patch is available.

  • Recommend implementing compensating controls to minimize the risk posed by the vulnerabilities.

  • Suggest waiting for a vendor-supplied patch as the sole course of action.

CompTIA CySA+ CS0-003
Reporting and Communication
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot