Certified Information Security Manager (CISM) — Question 1101
Which of the following risk assessment findings for an online-only business should be given the HIGHEST priority to address availability concerns?
Answer options
- A. The back office system that processes payments to providers has slowed.
- B. The web server for the online store was found to be vulnerable to distributed denial of service (DDoS) attacks.
- C. Email authentication through a connector to a single sign-on (SSO) service has a history of failure.
- D. The access point for the visitor WiFi network has several unpatched vulnerabilities.
Correct answer: B
Explanation
The correct answer is B because a vulnerability to DDoS attacks directly threatens the availability of the online store, potentially leading to downtime and loss of revenue. While the other options are concerning, none of them poses as immediate and severe a risk to the overall availability of the business as a DDoS vulnerability does.