CompTIA CySA+ (CS0-001) — Question 268

The security team for a large, international organization is developing a vulnerability management program. The development staff has expressed concern that the new program will cause service interruptions and downtime as vulnerabilities are remedied.
Which of the following should the security team implement FIRST as a core component of the remediation process to address this concern?

Answer options

• A. Automated patch management
• B. Change control procedures
• C. Security regression testing
• D. Isolation of vulnerable servers

Correct answer: C

Explanation

Implementing Security regression testing first is crucial because it ensures that any patches or changes made to fix vulnerabilities do not negatively impact existing services. Automated patch management, change control procedures, and isolation of vulnerable servers are important, but without regression testing, there's a risk of introducing new issues during remediation.