CompTIA CySA+ (CS0-001) — Question 101

A cybersecurity analyst has been asked to follow a corporate process that will be used to manage vulnerabilities for an organization. The analyst notices the policy has not been updated in three years. Which of the following should the analyst check to ensure the policy is still accurate?

Answer options

• A. Threat intelligence reports
• B. Technical constraints
• C. Corporate minutes
• D. Governing regulations

Correct answer: A

Explanation

The correct answer is A because threat intelligence reports provide the latest information on emerging threats and vulnerabilities, helping to ensure the policy remains relevant. Options B, C, and D do not directly address the current threat landscape and may not reflect the latest changes in cybersecurity risks.