CS0-003
Reporting and Communication
hard
Question 3 of 16

An organization's security team has completed a vulnerability assessment and found that 30% of critical vulnerabilities remain unpatched beyond the SLO of 30 days for critical findings. The CISO asks the analyst to identify inhibitors to remediation. Which analysis should the analyst perform?

AReview change management processes, resource constraints, patch testing delays, and vendor support gaps that delay remediation beyond SLO
BCalculate the CVSS base score for each unpatched vulnerability only
CCompare the organization's patch count to industry benchmarks
DReview which analysts were on duty when the SLO deadline passed

More Reporting and Communication Questions

16 questions

Full CompTIA CySA+ Practice Test

All topics covered

All CompTIA CySA+ Questions

Browse by topic

Related Questions

What is the primary purpose of a vulnerability management report provided to executive stakeholders?...

easy

Which term describes the measurable values used to evaluate how effectively an organization is achie...

easy

After a significant security incident, the incident response team must formally notify senior leader...

medium

A security analyst must communicate the results of a vulnerability assessment to a non-technical bus...

medium

During a post-incident review, the team identifies that the initial detection time was significantly...

medium
View all Reporting and Communication questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account