Certified Information Systems Security Professional (CISSP) — Question 300
A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?
Answer options
- A. Mitigate the risks with compensating controls.
- B. Upgrade the software affected by the vulnerability.
- C. Remove the affected software from the servers.
- D. Inform management of possible risks.
Correct answer: A
Explanation
The best course of action is to mitigate the risks with compensating controls, because this lets you manage the vulnerabilities without risking server stability. Upgrading the software could lead to further issues, while removing the software might not be feasible for mission-critical operations. Informing management is important, but it does not address the immediate risk effectively.