CompTIA CySA+ (CS0-002) — Question 154
A security analyst at a technology solutions firm has uncovered the same vulnerabilities on a vulnerability scan for a long period of time. The vulnerabilities are on systems that are dedicated to the firm's largest client. Which of the following is MOST likely inhibiting the remediation efforts?
Answer options
- A. The parties have an MOU between them that could prevent shutting down the systems
- B. There is a potential disruption of the vendor-client relationship
- C. Patches for the vulnerabilities have not been fully tested by the software vendor
- D. There is an SLA with the client that allows very little downtime
Correct answer: D
Explanation
The correct answer is D because an SLA (Service Level Agreement) often stipulates the maximum allowable downtime, which makes it difficult to remediate the vulnerabilities without impacting service. Options A, B, and C may present issues, but they do not directly address the immediate operational constraints imposed by the SLA.