A consulting team is conducting a security assessment for a medium-sized enterprise and uncovers a newly reported exploit that poses a major risk. The team’s original plan was to complete network mapping before moving on to vulnerability analysis. Which course of action best addresses the new threat while ensuring all other key tasks remain on track?
Set the exploit aside while finishing the standard mapping phase to maintain the chosen approach
Treat the exploit as low severity and center assessment efforts on endpoint protection
Engage the sponsor to revise the plan, allocating time to examine the exploit while continuing other activities
Pause the assessment and explore adjusting the contract to include the exploit in the statement of work
Shifting critical tasks in a planned manner is important whenever a new exploit emerges. The best approach involves discussing changes with the main contact and adjusting the actions to match the agreed timeline. By focusing on the newly identified exploit while still reserving resources for other tasks, the impact of the threat is managed promptly. Other options involve ignoring or postponing key steps, applying unwarranted delays, or treating the threat as low risk when it is not.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to revise a security assessment plan when a new exploit is discovered?
Open an interactive chat with Bash
What is the role of the sponsor in revising a security assessment plan?
Open an interactive chat with Bash
How does vulnerability analysis differ from network mapping in a security assessment?