CompTIA

CAS-002 · Question #148

CAS-002 Question #148: Real Exam Question with Answer & Explanation

The correct answer is B: Create an inventory of applications.

Question

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

Options

  • A. Establish an emergency response call tree.
  • B. Create an inventory of applications.
  • C. Backup the router and firewall configurations.
  • D. Maintain a list of critical systems.
  • E. Update all network diagrams.

Explanation

Managing zero-day risk requires knowing what you have - an application inventory identifies exposed software, and a critical systems list enables prioritized triage and response. Without knowing what is deployed and what is critical, an organization cannot assess its exposure to newly disclosed vulnerabilities.

Common mistakes.

  • A. An emergency response call tree is a communication tool for after an incident is confirmed; it does not help assess or reduce the risk exposure from a new zero-day.
  • C. Backing up router and firewall configurations is a recovery practice and does not help identify exposure to a new vulnerability or prioritize response actions.
  • E. Updating network diagrams is a documentation activity that does not directly help a security manager assess which systems are vulnerable to a newly announced zero-day.

Concept tested. Asset inventory and critical system identification for zero-day risk management

Reference. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
