Which of the following would BEST provide the needed information?

A Chief Information Officer (CIO) recently saw on the news that a significant security flaw exists with a specific version of a technology the company uses to support many critical applications. The CIO wants to know if this reported vulnerability exists in the organization and, if so, to what extent the company could be harmed. Which of the following would BEST provide the needed information?
A. Penetration test
B. Vulnerability scan
C. Active reconnaissance
D. Patching assessment report


One thought on “Which of the following would BEST provide the needed information?”

  1. B. The CIO wants to know 2 things: 1) “IF this reported vulnerability exists” and 2) “if so, to what extent the COMPANY could be harmed.” So step 1 would be to run a vulnerability scan to see if the vulnerability exists. Step 2, if verified that the threat exists, determine the extent of harm to the COMPANY. You need a BIA (Business Impact Analysis) to determine the extent of harm to the COMPANY. A pen test would only show the extent of damage to the IT infrastructure, not to the entire COMPANY (short-term, mid-term, long-term). A Business Impact Analysis (BIA) process identifies and evaluates the potential effects (financial, life/safety, regulatory, legal/contractual, reputational and so forth).
