CRISC Question #451: Real Exam Question with Answer & Explanation
The correct answer is C: The percentage of servers patched within required service level agreements. A key performance indicator (KPI) for server patch management should effectively measure the success and timeliness of patching efforts.
Submitted by emma.c · Apr 18, 2026 · Risk Response and Reporting
Question
Which of the following is the BEST key performance indicator (KPI) for a server patch management process?
Options
- A. The percentage of servers with allowed patching exceptions
- B. The number of servers with local credentials to install patches
- C. The percentage of servers patched within required service level agreements
- D. The number of servers running the software patching service
Explanation
A key performance indicator (KPI) for server patch management should effectively measure the success and timeliness of patching efforts.
Common mistakes.
- A. While important for understanding exceptions, this doesn't measure the performance of the patching process itself but rather the number of allowed deviations.
- B. The presence of local credentials for patch installation is a security configuration detail, not a direct measure of patching process performance or effectiveness.
- D. This indicates the coverage of the patching service, but not the actual success or timeliness of patch deployment to meet required SLAs.
Concept tested. Key Performance Indicators (KPIs) for security operations
Topics
#Key Performance Indicators (KPIs) #Patch Management #Control Monitoring #Risk Mitigation