Cisco

210-255 Question #139: Real Exam Question with Answer & Explanation

The correct answer is D: Disclosure vulnerabilities in the organization's products and services. A PSIRT is chartered specifically to receive, investigate, and publicly coordinate disclosure of vulnerabilities found in the organization's own products and services.

Security Policies and Procedures

Question

Which of the following is typically a responsibility of a PSIRT (Product SIRT)?

Options

  • A. Configure the organization's firewall
  • B. Monitor security logs
  • C. Investigate security incidents in a SOC
  • D. Disclosure vulnerabilities in the organization's products and services

Explanation

A PSIRT is chartered specifically to receive, investigate, and publicly coordinate disclosure of vulnerabilities found in the organization's own products and services.

Common mistakes.

  • A. Configuring firewalls is a network administration or security engineering responsibility, outside the PSIRT scope.
  • B. Monitoring security logs is a security operations or SOC analyst function, not a PSIRT responsibility.
  • C. Investigating internal security incidents within a SOC environment is a SOC or incident response team function, not a PSIRT function.

Concept tested. PSIRT role in product vulnerability disclosure

Reference. https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1

Topics

#PSIRT #vulnerability disclosure #product security #security team roles
