CS0-003
Reporting and Communication
medium
Question 6 of 16

A compliance report for a financial services organization indicates a vulnerability remediation inhibitor due to a legacy system that cannot be patched because it lacks vendor support. Which communication approach is most appropriate?

ADocument the risk as a formal exception with a compensating control plan and escalate to leadership for acceptance
BDelete the finding from the compliance report to avoid regulatory scrutiny
CImmediately decommission the legacy system without a migration plan
DReclassify the vulnerability as low severity to reduce reporting urgency

More Reporting and Communication Questions

16 questions

Full CompTIA CySA+ Practice Test

All topics covered

All CompTIA CySA+ Questions

Browse by topic

Related Questions

What is the primary purpose of a vulnerability management report provided to executive stakeholders?...

easy

Which term describes the measurable values used to evaluate how effectively an organization is achie...

easy

After a significant security incident, the incident response team must formally notify senior leader...

medium

A security analyst must communicate the results of a vulnerability assessment to a non-technical bus...

medium

During a post-incident review, the team identifies that the initial detection time was significantly...

medium
View all Reporting and Communication questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account