
Exam CS0-001 topic 1 question 303 discussion

Actual exam question from CompTIA's CS0-001
Question #: 303
Topic #: 1

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team.
Which of the following frameworks would BEST support the program? (Choose two.)

  • A. COBIT
  • B. NIST
  • C. ISO 27000 series
  • D. ITIL
  • E. COSO
Suggested Answer: BD

Comments

s3curity1
Highly Voted 5 years ago
NIST and ISO 27000 series
upvoted 6 times
ramzie
Most Recent 4 years, 8 months ago
Policies form the basis of every strong information security program. A solid policy framework consists of policies, standards, procedures, and guidelines that work together to describe the security control environment of an organization. In addition to complying with internally developed policies, organizations often must comply with externally imposed compliance obligations. Security frameworks, such as the NIST Cybersecurity Framework and ISO 27001, provide a common structure for security programs based on accepted industry best practices. Organizations should implement and test security controls to achieve security control objectives that are developed based on the business and technical environment of the organization.
upvoted 2 times
B1llGat3s
4 years, 10 months ago
This question appears earlier on in this same question bank (it is a duplicate), and the discussion landed on NIST and ITIL as the answer.
upvoted 1 times
B1llGat3s
4 years, 10 months ago
I need to post a comment against the duplicate question. Checked ITIL Security Management; there is a sub-process called "Evaluate", which includes self-assessment, defined as "Examine implemented security agreements. The result of this process is self-assessment documents." This would include vulnerability management, but it is presented at such a vague and high level that it would not be much use in helping direct the establishment of a vuln mgmt program. Bearing in mind the debate about whether ISO can be considered a framework (and we are talking semantics here!), I would also lean towards NIST and COBIT.
upvoted 1 times
B1llGat3s
4 years, 10 months ago
Definitely COBIT. COBIT 5 for Information Security is the reference, available from ISACA.
upvoted 1 times
shoop
5 years ago
Nope, my book from Pearson explicitly states COBIT and NIST are for vuln mgmt. This is a mistake.
upvoted 3 times
s3curity1
5 years ago
Thanks mate. May I know what is the title of that book?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other