A serious vulnerability is reported in the firewall software used by an organization. Which of the following should be the immediate action of the information security manager?
A. Ensure that all OS patches are up-to-date
B. Block inbound traffic until a suitable solution is found
C. Obtain guidance from the firewall manufacturer
D. Commission a penetration test
Correct Answer: C
Explanation/Reference:
The best source of information is the firewall manufacturer, since the manufacturer may have a patch to fix the vulnerability or a workaround solution. Ensuring that all OS patches are up-to-date is a best practice in general, but will not necessarily address the reported vulnerability. Blocking inbound traffic may not be practical or effective from a business perspective. Commissioning a penetration test will take too much time and will not necessarily provide a solution for corrective actions.
Before contacting the manufacturer for guidance, the best immediate action should be to ensure there is no patch already available for all OS, including the OS of the firewall. The best answer therefore should be A.