CISSP Practice Question (Domain 6: Security Assessment & Testing / Penetration Testing Governance)
A penetration test identifies a critical vulnerability in a customer-facing application, but exploitation would require downtime during peak business hours.
The business requests delaying remediation until the next quarterly release. What should the security manager do FIRST?
A. Accept the risk and document the delay as requested
B. Perform a risk assessment and present impact analysis to business leadership
C. Immediately remediate the vulnerability despite business objections
D. Disable the affected application until remediation is complete
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group