A. After detection of a breach is the most likely situation that would warrant revalidation of a previous security assessment. Detection of a security breach indicates that the current security measures in place have failed, and a revalidation of the previous security assessment would be necessary to identify any additional vulnerabilities and to ensure that the organization's security measures are adequate to prevent future breaches.
It's tough, but if there was a breach why would you revalidate failed measures? There's nothing to revalidate if you have a breach, 'cause it's proved to be invalid measures.
B) Because you're RE-validating a test, meaning the same tests you previously ran.
Not A because if a breach occurred, that warrants an entirely new test.
C makes sense too, but B would be MORE urgent.
D just doesn't make sense at all.
If you fail or perform poorly on an assessment, you would remedy as many findings as possible. Then you would revalidate.
After a merger or acquisition would prompt for a new validation.
After a security breach wouldn't make sense unless you make configuration changes.
The question asks about re-validation of a previous security assessment. In the case of a merger or acquisition, this would require a completely different assessment. With the word "revalidation", the question is asking "under what situation would you assume that there was something wrong with the previous security assessment". When a company is breached, the security assessment didn't properly identify holes in the company's security posture and thus needs to be re-examined.
Going A. You should revalidate your security assessment after a breach.
B would cause you to create a new security assessment not revalidate an old one.
D is also important to revalidate after remediation; however, it's more critical to revalidate your security measures after a breach, as it is a more immediate trigger and highlights active security issues.
D.
After a security breach, you'd perform incident response to confirm the cause of the breach, not a vulnerability scan. Once you patch vulnerabilities after a scan, you scan to validate.
I vote for D because the statement said: revalidation of a previous security assessment. So, it is recommended, after you have remediated the identified vulnerability, to redo a revalidation.
I vote D because you would want to verify the effectiveness of your remediation efforts. Options A and B require you to review the "Security Policy" of a company - not the security assessment. Option C is more into regression testing than security assessment.
This should be a logical extension of the original testing. Allowing time for mitigation measures to be implemented, then revalidating the test that showed the need for those measures in the first place to ensure they are operating as intended.
For a retest, the purpose is to analyze progress made in applying the mitigations to the attack vectors that were found during the penetration test. The first step will be scheduling additional tests with the client organization in order to assess their progress...
A. A breach does not warrant revalidation of a previous security assessment. It straight proves that there were problems with it to begin with.
B. A merge usually triggers a security revalidation so I'll go with this one.
Revalidation of a previous security assessment becomes most essential when significant changes occur that might drastically alter the security posture of the organization. Among the given options:
B. After a merger or an acquisition
This situation would MOST likely warrant a revalidation of the security assessment. Mergers and acquisitions typically involve integrating different systems, networks, applications, policies, and procedures. These substantial changes can introduce new risks and vulnerabilities that were not part of the previous security landscape.
While the other options might also justify a review or partial reassessment of security measures, a merger or acquisition would most likely necessitate a comprehensive reevaluation due to the complexity and the broad range of potential changes to the organization's security environment.
A merger would warrant a NEW assessment, re-validating an old assessment is of no use within an environment that now has new systems, networks, applications, policies, and procedures.
The situation that would MOST likely warrant revalidation of a previous security assessment is option A: After detection of a breach.
If a breach has occurred, it indicates that the existing security measures and controls have not been effective in preventing the attack. In such a scenario, it is important to revalidate the previous security assessment to determine what went wrong, and what changes need to be made to strengthen the security posture of the organization.
Community vote distribution: A (35%), C (25%), B (20%), Other