An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
A. Postpone the implementation until the vulnerability has been fixed.
B. Commission further penetration tests to validate initial test results.
C. Assess whether the vulnerability is within the organization's risk tolerance levels.
D. Implement the application and request the cloud service provider to fix the vulnerability.
The question says: "...high-rated vulnerability. Which of the following would be the BEST way to proceed?"
So it's already known as high not risk tolerance in my opinion accept high-rated vulnerability.
Moreover, the key word is "BEST way to proceed", not saying the first.
So the answer is more likely to be:
D. Implement the application and request the cloud service provider to fix the vulnerability.
C. Assess whether the vulnerability is within the organization's risk tolerance levels.
Ultimately, the decision should be based on a comprehensive understanding of the vulnerability's impact on the organization's security posture and its ability to function effectively with the vulnerability in place.
The best way to proceed would be to assess whether the vulnerability is within the organization's risk tolerance levels. If the vulnerability is within the organization's risk tolerance levels, then the organization can proceed with the implementation of the cloud-based application. If the vulnerability is not within the organization's risk tolerance levels, then the organization can either postpone the implementation until the vulnerability has been fixed or commission further penetration tests to validate the initial test results.
C. Assess whether the vulnerability is within the organization's risk tolerance levels.
The best way to proceed in this situation is to assess whether the vulnerability is within the organization's risk tolerance levels. This will involve considering the severity of the vulnerability, the likelihood of it being exploited, and the impact of a successful attack. If the vulnerability is not within the organization's risk tolerance levels, then the implementation of the cloud-based application should be postponed until the vulnerability has been fixed.