A serious vulnerability was detected in a business application that can be exploited by external attackers to compromise the system. What is the information security manager's BEST course of action?
A. Implement temporary remediation.
B. Request an immediate shutdown of the application.
C. Report the risk to the business application owner.
D. Ask the business application owner to apply the fix immediately.
Let me give you an example... you're a cop giving out a ticket. Scenario 1: Hand a speeder a ticket (report): you have x amount of days to pay this ticket or a warrant will be put out for your arrest. Scenario 2: Nicely ask the speeder to give you 150 dollars for speeding with no ticket given out. In which scenario do you think the $150 would be collected? Obvious answer in that scenario and it's the obvious answer for this question.
The best course of action would be to report the risk to the business application owner (option C). It is crucial to communicate the vulnerability to the owner of the application, as they are responsible for managing and maintaining the application. They should be made aware of the situation so that appropriate action can be taken. It is their responsibility to apply the necessary fix (option D) to address the vulnerability. Additionally, it may be advisable to collaborate with the business application owner to develop a temporary remediation plan (option A) if the fix cannot be immediately applied.
This is a tricky one:
I feel it's between C and D
For me:
C. Report the risk to the business application owner. This would be the answer if it asked what is the FIRST thing to do.
D. Ask the business application owner to apply the fix immediately. This would be the BEST thing to do seeing as it states it is a serious vulnerability.
I go with Goseu. C is the correct answer. Thinking like a manager. The Information Security Manager does not fix, the role is to coordinate and report to get it fixed. D is not correct either because we do not need to provide the timeline "immediately" as the business owner knows what to do.
Reporting to the owner as a first step makes sense, but the best action should be to ask to fix it immediately. Even if a fix is not possible, I would go with A to implement temporary remediation.
1) Rarely and hardly
2) Do not assume things not said in the question. You can try to infer, but NEVER assume. Everything you need to answer the question is in the question itself.