nerdexam
Cisco

210-255 · Question #139

Which of the following is typically a responsibility of a PSIRT (Product SIRT)?

The correct answer is D. Disclosure vulnerabilities in the organization's products and services. A PSIRT is chartered specifically to receive, investigate, and publicly coordinate disclosure of vulnerabilities found in the organization's own products and services.

Security Policies and Procedures

Question

Which of the following is typically a responsibility of a PSIRT (Product SIRT)?

Options

  • AConfigure the organization's firewall
  • BMonitor security logs
  • CInvestigate security incidents in a SOC
  • DDisclosure vulnerabilities in the organization's products and services

How the community answered

(22 responses)
  • C
    5% (1)
  • D
    95% (21)

Why each option

A PSIRT is chartered specifically to receive, investigate, and publicly coordinate disclosure of vulnerabilities found in the organization's own products and services.

AConfigure the organization's firewall

Configuring firewalls is a network administration or security engineering responsibility, outside the PSIRT scope.

BMonitor security logs

Monitoring security logs is a security operations or SOC analyst function, not a PSIRT responsibility.

CInvestigate security incidents in a SOC

Investigating internal security incidents within a SOC environment is a SOC or incident response team function, not a PSIRT function.

DDisclosure vulnerabilities in the organization's products and servicesCorrect

A Product Security Incident Response Team (PSIRT) focuses on managing the lifecycle of vulnerability disclosures affecting the organization's own products or services, coordinating with external researchers, issuing CVEs, and publishing security advisories or patches. This vendor-facing vulnerability management role is the defining function that separates a PSIRT from a general SOC or IR team.

Concept tested: PSIRT role in product vulnerability disclosure

Source: https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1

Topics

#PSIRT#vulnerability disclosure#product security#security team roles

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice