CV0-003 · Question #384
An organization wants to be informed of any security exploits open in the cloud virtual environment that is being hosted in the organization's boundary. Which of the following will need to be performe
The correct answer is B. Vulnerability assessment. A vulnerability assessment actively scans systems to identify and report existing security weaknesses and open exploits in an environment.
Question
An organization wants to be informed of any security exploits open in the cloud virtual environment that is being hosted in the organization's boundary. Which of the following will need to be performed?
Options
- ATabletop exercise
- BVulnerability assessment
- CSeparation of duties
- DAudit review
How the community answered
(32 responses)- B94% (30)
- C3% (1)
- D3% (1)
Why each option
A vulnerability assessment actively scans systems to identify and report existing security weaknesses and open exploits in an environment.
A tabletop exercise is a discussion-based simulation of an incident response scenario and does not scan or detect actual technical vulnerabilities in a live environment.
A vulnerability assessment is the systematic process of scanning and identifying security weaknesses, misconfigurations, and open exploits in a system or environment. For a cloud virtual environment hosted within the organization's boundary, performing a vulnerability assessment will actively detect exploitable security gaps and produce an actionable findings report. This directly fulfills the requirement to be informed of open security exploits.
Separation of duties is an access control principle that divides critical responsibilities among multiple individuals to reduce insider risk, not a method for detecting open security exploits.
An audit review examines historical logs and compliance records after the fact and does not actively identify or enumerate open exploits in a running environment.
Concept tested: Vulnerability assessment for cloud security
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.