🔥 3-day streak
CompTIA CySA+ (CS0-003)130 / 147
Question 130 of 147
A security analyst at a healthcare organization is establishing a vulnerability management program governed by internal policy. The policy states that internet-facing critical assets must have any vulnerability rated CVSS 9.0 or higher remediated within a defined window to reduce exploitation risk, while internal workstations follow a longer timeline. A newly published CVE with a CVSS base score of 9.8 and a known exploit in the wild is discovered on the organization's public-facing patient portal. Which action best aligns with sound vulnerability response and management governance?
Reviewed for accuracy · Report an issueNext question