ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-001 All Questions

View all questions & answers for the CS0-001 exam
Go to Exam

Exam CS0-001 topic 1 question 222 discussion

Actual exam question from CompTIA's CS0-001
Question #: 222
Topic #: 1
[All CS0-001 Questions]

A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)

  • A. Inappropriate data classifications
  • B. SLAs with the supporting vendor
  • C. Business process interruption
  • D. Required sandbox testing
  • E. Incomplete asset inventory
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by Rowlandmarc at May 16, 2020, 10:44 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cusase
4 years, 9 months ago
Inhibitors of Remediation MOU SLA IT Governance Business Process Interruption § Degrading Functionality
upvoted 1 times
...
Blind_Hatred
5 years ago
A. Not related. B. Yes, because we're talking about INHIBITION, which means it "stands in the way of". If not part of the SLA, the vendor may not be compelled to remediate the vulnerabilities. C. Absolutely. When a critical business process is involved, management may not be so keen on downtime of a server, even if it is for patching. D. Nope, because this should be part of your vulnerability management process. It can save you time in production by testing patches in staging. E. It might slow you down, but not stop you.
upvoted 4 times
...
Rowlandmarc
5 years, 2 months ago
specifies management by outside vendor... So i would chose B & C
upvoted 4 times
TheThreatGuy
5 years, 1 month ago
I disagree. Sla is not going to slow down any updates. These are business critical servers. So downtime and sandbox testing will be primary issues. C & D
upvoted 2 times
Blind_Hatred
5 years ago
Yes it might. In fact, if it's not clearly defined in your SLA, remediation might not even be required for a vendor: "SLAs exist to outline what the roles and responsibilities are for the service providers, including the limit of the services they can perform. Unless remediation is explicitly part of an SLA, providers cannot be compelled to perform those steps."
upvoted 4 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel