The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?
I think they trying to trick you...
I am looking at the key words Response vs Remediation.
Response - Incident response activities include detection, analysis, containment, eradication, recovery, communication, and documentation.
Remediation - Remediation activities include applying patches, fixing misconfigurations, updating security policies, improving access controls, and implementing other corrective measures.
I think that it wouldn't be "A" because they didn't mention this vuln existed in their environment. They just mentioned that the CEO heard, so this mean that they need to do some of the activities to identify whether vuln finding has existed on their environment or not!
Please help to correct me, if I am wrong!
And we can also Calculate mean time to respond by measuring the time from when your team detects an incident to when you launch (or complete) the repair or remediation plan. So answer is A
Not sure if A or C.
I'm leaning more to A.
The term 'mean time to remediate' is a definition - at least in comptia study guide!
It is used in the IR metrics chapter.
So we have it in this order:
mean time to detect
mean time to respond
mean time to remediate
I would say "mean time to respond" does not include patching, but in it is in the "mean time to remediate", so that is why I choose A.
The CEO is worried that the organization will not be fully patched by the time the 45 days has begun in which is when the patch will be available to the public, so once the patch is released, after 45 days hackers start checking which organizations are not patched yet, therefore decreasing the remediation time to 30 days gives the organization 15 days of leah way to thoroughly check if the organization will be / is fully patched.
Why not C (Mean Time to Respond of 15 days)?
Mean Time to Respond (MTTR) refers to how quickly an organization reacts after detecting an incident.
However, in this scenario, the goal is to prevent exploitation before attackers start using newly discovered vulnerabilities (~45 days after a patch is released).
Even if the organization responds quickly (within 15 days of detecting an attack), it still means the attack already happened—which is not ideal.
Reducing the mean time to remediate vulnerabilities to 30 days would significantly reduce the organization's exposure to attacks that exploit unpatched vulnerabilities.
This question was in the test !
I took the test today. This site helped me a lot and the majority of the questions are in the test if you have the cotributor version which is paid. Make sure you master the chapters on vulnerabilities because there are a lot of questions there. I wish you good luck!
I would say that A is the correct answer since (as far as I have learned) patching is typically not a part of responding. Rather, patching is considered a way to remediate an incident.
If the organization can remediate vulnerabilities in 30 days, it will be applying patches well before the 45-day window when attackers typically start exploiting vulnerabilities.
Mean Time to Remediate—A metric used to measure how quickly an organization can resolve an incident. MTTR is a valuable metric for evaluating an organization’s effectiveness in RESPONDING TO and RESOLVING incidents.
I was also questioning this.
ChatGPT says "The correct answer is C. A mean time to respond of 15 days.
The scenario described indicates that attackers are exploiting vulnerabilities approximately 45 days after a patch is released. This suggests that organizations are taking too long to respond to and apply patches, leaving a window of opportunity for attackers to exploit those vulnerabilities.
A "mean time to respond" (MTTR) of 15 days would be the most effective in reducing the risk of exploitation. MTTR refers to the average time it takes an organization to respond to and mitigate a security incident or vulnerability once it has been detected. By responding within 15 days, the organization would be able to address vulnerabilities and apply patches more quickly, reducing the likelihood of exploitation."
To best protect the organization from exploitation of new attacks, it's important to reduce the time between the release of patches and their implementation within the organization. This is known as the "time to remediate" or "mean time to remediate" (MTTR). Therefore, the option that aligns with this objective is:
A. A mean time to remediate of 30 days
A shorter mean time to remediate ensures that patches are applied more quickly, reducing the window of vulnerability and the likelihood of exploitation. Options B and C, with longer timeframes, would increase the organization's exposure to potential attacks. Third-party application testing (option D) is important but is not directly addressing the time it takes to apply patches after they are released.
Guys this is C 100%, this question is eluding to the fact that the company are taking too long to patch vulnerable systems. A mean time to respond of 15 days is much better & faster than a mean time to remediate of 30 days.
C is correct. When you have a response policy that requires a review at least every 15 days, it will help the company recognize all newly patched exploitations within that timeframe, as a mean time to respond (MTTR) of 15 days is required.
When you discover a risk, your team will fix it right away with just a click of a button to update the patch released 15 days ago. The goal is to find out about it ASAP. It is nonsensical to compare mean time to remediate or respond in this context.
Are you going to sit there after you have responded to it and watch because no-one told you to remediate it, or act honorably, honestly, justly, and responsibly by fixing the issue as soon as possible with your professional responsibility?
A mean time to remediate of 30 days implies that the organization aims to remediate vulnerabilities within 30 days of their discovery. Since exploitation of new attacks tends to occur approximately 45 days after a patch is released, aiming for a mean time to remediate of 30 days ensures that vulnerabilities are patched before attackers have the opportunity to exploit them.
A. is the only answer that specifies a timeframe for "remediation." That is the keyword in this answer. 30 days is also less than the defined maximum in the question.
I think that it wouldn't be "A" because they didn't mention this vuln existed in their environment. They just mentioned that the CEO heard, so this mean that they need to do some of the activities to identify whether vuln finding has existed on their environment or not!
Please help to correct me, if I am wrong!
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ha33yp0tt3r69
Highly Voted 9 months, 1 week agoPhanna
1 year, 1 month agoRee1234
1 year, 1 month agomuvisan
Highly Voted 9 months, 1 week agoCyberMom
Most Recent 1 month, 1 week agoNilab
3 months, 3 weeks agoCyberMom
4 months, 3 weeks agoKANKALE
4 months, 3 weeks agoCidom10
7 months, 1 week agocy_analyst
8 months, 4 weeks agoBdav
9 months ago581777a
9 months, 1 week agoRobV
9 months, 1 week agoB3hindCl0sedD00rs
9 months, 1 week agobolinhtinh
9 months, 1 week agoBanesTech
9 months, 1 week ago1my0ur9uy
11 months, 2 weeks agoPhanna
1 year, 1 month agoMehe323
1 year, 1 month ago