🔥 3-day streak
CompTIA CySA+ (CS0-003)110 / 147
Question 110 of 147

A vulnerability scan of an internal ERP server reveals a medium-severity flaw with no available vendor patch. Remediation would require an application rewrite that the vendor cannot deliver for 18 months. The system is behind multiple network segmentation controls, and business leadership has decided the cost of replacing the ERP now outweighs the residual risk. As the security analyst, what is the MOST appropriate way to formally handle this vulnerability within the vulnerability management program?

Reviewed for accuracy · Report an issueNext question