Certified Information Security Manager (CISM) — Question 1099
Following an unsuccessful denial of service (DoS) attack, identified weaknesses should be:
Answer options
- A. noted and re-examined later if similar weaknesses are found
- B. tracked and reported on until their final resolution
- C. quickly resolved and eliminated regardless of cost
- D. documented in security awareness programs
Correct answer: B
Explanation
The correct answer is B because tracking and reporting vulnerabilities ensures they are addressed effectively and prevents future incidents. Option A is insufficient because it suggests a passive approach, while option C overlooks the need for a cost-effective resolution strategy. Option D does not focus on the active management of vulnerabilities.