CompTIA CySA+ (CS0-003) — Question 1

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?

Answer options

• A. A mean time to remediate of 30 days
• B. A mean time to detect of 45 days
• C. A mean time to respond of 15 days
• D. Third-party application testing

Correct answer: A

Explanation

A mean time to remediate of 30 days would ensure that vulnerabilities are addressed before they can be exploited, as it is shorter than the 45-day window. A mean time to detect of 45 days is not proactive enough, as it aligns with the timeline of potential attacks. A mean time to respond of 15 days is also insufficient if the remediation takes longer than that. Third-party application testing does not directly address the need to quickly remediate known vulnerabilities.