CS0-003 Question #400: Real Exam Question with Answer & Explanation

Sign in or unlock CS0-003 to reveal the answer and full explanation for question #400. The question stem and answer options stay visible for context.

Submitted by akirajp· Mar 6, 2026Vulnerability Management

Question

During an internal code review, software called "ACE" was discovered to have a vulnerability that allows the execution of arbitrary code. The vulnerability is in a legacy, third-party vendor resource that is used by the ACE software. ACE is used worldwide and is essential for many businesses in this industry. Developers informed the Chief Information Security Officer that removal of the vulnerability will take time. Which of the following is the first action to take?

Options

ALook for potential loCs in the company.
BInform customers of the vulnerability.
CRemove the affected vendor resource from the ACE software.
DDevelop a compensating control until the issue can be fixed permanently.

Unlock CS0-003 to see the answer

You've previewed enough free CS0-003 questions. Unlock CS0-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CS0-003 - $49.99 / 30 days Sign in

Topics

#vulnerability management#risk mitigation#compensating controls#software supply chain

Full CS0-003 Practice Browse All CS0-003 Questions