CISA Question #387: Real Exam Question with Answer & Explanation

Sign in or unlock CISA to reveal the answer and full explanation for question #387. The question stem and answer options stay visible for context.

Submitted by noor.lb· Apr 18, 2026Protection of Information Assets

Question

A zero-day vulnerability with a critical severity score has been published for a core business application. Which of the following should be done FIRST to address this vulnerability?

Options

AIdentify the version of software the organization is using
BInitiate the organization's incident response plan
CWork with the vendor to deploy patches in the production environment
DPropose risk acceptance until a patch is deployed

Unlock CISA to see the answer

You've previewed enough free CISA questions. Unlock CISA for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISA - $49.99 / 30 days Sign in

Topics

#Vulnerability Management#Security Incident Response#Asset Identification

Full CISA Practice Browse All CISA Questions