Multiple Choice
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns?
A) The company should plan future maintenance windows so the legacy application can be updated as needed.
B) The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
C) The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
D) The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.
Correct Answer:

Verified