CISSP Practice Question (Domain 6: Security Assessment & Testing / Continuous Monitoring)
An organization replaces periodic vulnerability scans with a continuous exposure-management platform that automatically adjusts risk scores based on real-time threat intelligence.
During an internal audit, leadership asks whether this approach still satisfies regulatory expectations for formal security assessments.
What should the security manager do FIRST to address this concern?
A. Map continuous monitoring outputs to regulatory assessment requirements
B. Resume scheduled vulnerability scans to avoid audit findings
C. Request written approval from regulators for the new approach
D. Disable automated risk scoring and rely on static assessments
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group