ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security architect is finalizing the quarterly risk review for a SaaS workload on AWS. A critical privilege-escalation flaw was reported in the Amazon Linux AMI powering hundreds of EC2 instances. Patches will be deployed during the next maintenance window seven days from now. To preserve accurate risk visibility, which action is MOST appropriate to take in the organization's risk register immediately?
Add or update a dedicated entry that details the new AMI vulnerability, specifies its likelihood and potential impact, assigns an owner, and records the planned mitigation date.
Delete any previous EC2 security risks from the register and rely on the change-management ticket to avoid duplicate documentation.
Note the issue only in the configuration-management database (CMDB) because the risk register is reserved for strategic risks, not operational vulnerabilities.
Revise the organization's overall risk appetite statement to indicate zero tolerance for unpatched operating systems, leaving individual findings out of the register.
A risk register is the authoritative list of known risks and their current status. When a new threat or vulnerability is identified, the organization should create or update a separate risk item that captures a clear description of the issue, its likelihood and impact, the affected asset, the assigned risk owner, and the planned treatment date. This lets management track mitigation progress and reassess priority during the next review. Deleting earlier entries, recording the issue only in a change-management system, or changing the enterprise-wide risk appetite fails to provide adequate visibility or accountability for this specific vulnerability.
Risk Identification, Monitoring and Analysis