SY0-701 Question #609: Real Exam Question with Answer & Explanation
The correct answer is B: Risk register.
Question
Which of the following should a security team use to document persistent vulnerabilities with related recommendations?
Options
- A. Audit report
- B. Risk register
- C. Compliance report
- D. Penetration test
Explanation
A risk register is the correct tool because it is a living document designed to track ongoing risks and vulnerabilities over time, including their severity, status, owner, and recommended remediation actions - making it ideal for persistent (unresolved) issues.
- A. Audit report - a point-in-time snapshot of findings from an audit; it documents what was observed but is not maintained as a continuous tracking tool.
- C. Compliance report - focused on whether controls meet regulatory or policy requirements, not on tracking open vulnerabilities and their mitigations.
- D. Penetration test - an active assessment technique that discovers vulnerabilities; the resulting report captures findings at a moment in time but is not a persistent management document.
Memory tip: Think of a risk register like a bug tracker for security risks - it stays open and gets updated as vulnerabilities persist, are remediated, or change in severity. "Register" implies an ongoing, maintained record, which distinguishes it from one-off reports.