PECB

ISO-IEC-27001-LEAD-AUDITOR Question #299: Real Exam Question with Answer & Explanation

The correct answer is C ("All vulnerabilities require immediate implementation of controls regardless of corresponding"). Not all vulnerabilities require immediate remediation. Risk assessment determines whether controls are necessary. Some vulnerabilities pose low risks and may not need urgent fixes.

Question

Which of the following statements regarding threats and vulnerabilities in information security is NOT correct?

Options

  • A. Vulnerabilities can be intrinsic or extrinsic, related to the characteristics of the asset or to external
  • B. Threats must exploit a vulnerability to have a negative impact on the confidentiality, integrity,
  • C. All vulnerabilities require immediate implementation of controls regardless of corresponding

Explanation

Not all vulnerabilities require immediate remediation. Risk assessment determines whether controls are necessary. Some vulnerabilities pose low risks and may not need urgent fixes.
