nerdexam
CompTIA

CV0-003 · Question #384

An organization wants to be informed of any security exploits open in the cloud virtual environment that is being hosted in the organization's boundary. Which of the following will need to be performe

The correct answer is B. Vulnerability assessment. A vulnerability assessment actively scans systems to identify and report existing security weaknesses and open exploits in an environment.

Security

Question

An organization wants to be informed of any security exploits open in the cloud virtual environment that is being hosted in the organization's boundary. Which of the following will need to be performed?

Options

  • ATabletop exercise
  • BVulnerability assessment
  • CSeparation of duties
  • DAudit review

How the community answered

(32 responses)
  • B
    94% (30)
  • C
    3% (1)
  • D
    3% (1)

Why each option

A vulnerability assessment actively scans systems to identify and report existing security weaknesses and open exploits in an environment.

ATabletop exercise

A tabletop exercise is a discussion-based simulation of an incident response scenario and does not scan or detect actual technical vulnerabilities in a live environment.

BVulnerability assessmentCorrect

A vulnerability assessment is the systematic process of scanning and identifying security weaknesses, misconfigurations, and open exploits in a system or environment. For a cloud virtual environment hosted within the organization's boundary, performing a vulnerability assessment will actively detect exploitable security gaps and produce an actionable findings report. This directly fulfills the requirement to be informed of open security exploits.

CSeparation of duties

Separation of duties is an access control principle that divides critical responsibilities among multiple individuals to reduce insider risk, not a method for detecting open security exploits.

DAudit review

An audit review examines historical logs and compliance records after the fact and does not actively identify or enumerate open exploits in a running environment.

Concept tested: Vulnerability assessment for cloud security

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#vulnerability assessment#cloud security#security scanning#virtual environment

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice