CISSP Question #1523: Real Exam Question with Answer & Explanation
Question
Drag and Drop Question
Order the steps below to create an effective vulnerability management process.
Answer:
Explanation
An effective vulnerability management process must follow a logical sequence: first you must know what you have (Identify assets), then understand the threats those assets face (Identify risks), then establish a controlled process for making changes (Implement change management), then actually apply the fixes (Implement patch deployment), and finally set up ongoing monitoring to catch new vulnerabilities (Implement recurring scanning schedule). This order ensures that patches are applied systematically and with proper controls, and that the process becomes a continuous cycle rather than a one-time event. Skipping or reordering any step undermines the integrity of the entire program - for example, patching before understanding risk could lead to misallocated resources, and scanning without change management could cause uncontrolled system changes.