Certified in Risk and Information Systems Control (CRISC) — Question 1400

Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited. Which of the following would be the BEST response to this scenario?

Answer options

• A. Assess the vulnerability management process
• B. Conduct a control self-assessment
• C. Reassess the inherent risk of the target
• D. Conduct a vulnerability assessment

Correct answer: D

Explanation

The best response is to conduct a vulnerability assessment, as it allows for the identification and evaluation of the specific vulnerabilities being exploited. While assessing the vulnerability management process and inherent risk are important, they do not directly address the immediate need to understand and mitigate the current threat posed by the actively exploited vulnerability.