CompTIA CySA+ (CS0-003) — Question 249
Several critical bugs were identified during a vulnerability scan. The SLA risk requirement is that all critical vulnerabilities should be patched within 24 hours. After sending a notification to the asset owners, the patch cannot be deployed due to planned, routine system upgrades. Which of the following is the best method to remediate the bugs?
Answer options
- A. Reschedule the upgrade and deploy the patch.
- B. Request an exception to exclude the patch from installation.
- C. Update the risk register and request a change to the SLA.
- D. Notify the incident response team and rerun the vulnerability scan.
Correct answer: A
Explanation
A is correct: rescheduling the planned, routine upgrade lets the critical patch be applied immediately, which keeps remediation within the SLA requirement. Option B is inappropriate because it disregards the urgency of the vulnerabilities. Option C does not address the immediate risk posed by the critical bugs, and option D does not remediate the vulnerabilities in a timely manner.