CISSP Practice Question (Domain 6: Security Assessment and Testing)
An internal audit reveals that quarterly vulnerability scans are completed on schedule, but 40% of critical findings remain unremediated past SLA. The vulnerability management team reports the metrics as "green" because scans were performed. As the CISO, what is the BEST corrective action?
A. Reduce scan frequency until remediation capacity catches up
B. Redefine the program metrics to measure remediation outcomes, not scan activity
C. Escalate overdue findings directly to system owners' executives
D. Outsource remediation to a managed security service provider
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group