Certified Information Security Manager (CISM) — Question 11

Which of the following processes can be used to remediate identified technical vulnerabilities?

Answer options

• A. Updating the business impact analysis (BIA)
• B. Performing penetration testing
• C. Enforcing baseline configurations
• D. Conducting a risk assessment

Correct answer: C

Explanation

Enforcing baseline configurations is the correct answer because it involves establishing standard settings to minimize vulnerabilities. Updating the BIA, performing penetration testing, and conducting a risk assessment are important activities, but they do not directly fix the identified vulnerabilities.