Exam CISM topic 1 question 120 discussion

Actual exam question from Isaca's CISM
Question #: 120
Topic #: 1

Which of the following BEST indicates an effective vulnerability management program?

  • A. Security incidents are reported in a timely manner.
  • B. Threats are identified accurately.
  • C. Controls are managed proactively.
  • D. Risks are managed within acceptable limits.
Suggested Answer: D

Comments

[Removed]
Highly Voted 7 months, 4 weeks ago
Selected Answer: D
"Vulnerability management is the process of systematically and continuously finding weaknesses in an entity's security procedures, systems or networks and taking corrective action. The ultimate goal of vulnerability management is to keep risk at or below the organization's risk tolerance level." - CISM Review Manual, 15th Edition, 2019, page 286.
upvoted 8 times
...
DASH_v
Highly Voted 10 months ago
Selected Answer: C
Vuln is a weakness. To effectively manage weakness, you need proactive controls. Although vuln is an important factor to reduce risks, there are also multiple other ways to ensure risks are within an acceptable level; you can simply avoid or even transfer the risk, which is not relevant to vuln management.
upvoted 5 times
...
POWNED
Most Recent 1 month, 3 weeks ago
Selected Answer: C
Look at proactive controls as patch management. That would be the best answer in this situation, going with C
upvoted 1 times
...
oluchecpoint
6 months, 4 weeks ago
C. Controls are managed proactively. While all the options are important aspects of a comprehensive security program, proactively managing controls is at the core of effective vulnerability management.
upvoted 1 times
...
jennarink13
9 months ago
Going with D. The ultimate goal is to reduce risk to an acceptable level. Hence, effective management of vulnerabilities (implementation of controls) would be greatly indicative of risk reduction to acceptable levels. Option C is just a tool for this objective.
upvoted 2 times
...
sphenixfire
9 months, 2 weeks ago
Selected Answer: B
Relates to weaknesses to be discovered
upvoted 1 times
...
sphenixfire
9 months, 2 weeks ago
Relates to weaknesses to be discovered. So B
upvoted 1 times
...
Saisharan
10 months ago
Option D, "Risks are managed within acceptable limits," is a general statement that applies to overall risk management, including vulnerability management. While managing risks within acceptable limits is an important objective of any security program, it does not specifically indicate the effectiveness of a vulnerability management program. An effective vulnerability management program focuses specifically on identifying, prioritizing, and mitigating vulnerabilities in systems, applications, and networks. It involves activities such as vulnerability scanning, patch management, and vulnerability remediation. By actively managing vulnerabilities, organizations can reduce the likelihood of exploitation and potential impact from security incidents. So the answer would be Option C
upvoted 2 times
...
richck102
10 months, 1 week ago
Selected Answer: D
D. Risks are managed within acceptable limits. or C. Controls are managed proactively.
upvoted 3 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other