I think the answer should be D. The question is talking about "Identified" threats which mostly means that these are the threats that were identified after installing baseline configurations.
D.. If the vulnerability has been "identified" wouldnt a risk assessment be more reasonable than " enforcing baseline configuration"? when you add "identified" it makes me think we need a risk assessment to ensure that appropriate and effective controls are implemented.
C. Enforcing baseline configurations
Enforcing baseline configurations involves ensuring that all systems and devices within an organization are configured according to a predetermined standard or baseline. This helps in reducing vulnerabilities by eliminating misconfigurations and ensuring that security settings are aligned with best practices.
Reason why answer A is not selected is that updating the business impact analysis (BIA) is related to understanding the impact of disruptions to business operations and is not a direct remediation process for technical vulnerabilities.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Prat1597
1 week, 3 days agoe891cd1
9 months, 1 week agoAlexJacobson
11 months, 3 weeks agoLearner76
1 year agooluchecpoint
1 year, 4 months agooluchecpoint
1 year, 4 months agoSammy65
1 year, 5 months agorichck102
1 year, 7 months agoAbhey
1 year, 8 months agojaiz
1 year, 10 months agoMyKasala
2 years agobaranikumar_v
2 years agotrev0r
2 years, 2 months agoMatini
2 years, 3 months ago