Question 50
A critical vulnerability cannot be patched due to operational constraints. What's a valid CISO response?
A. Disable user accounts
B. Accept the risk with no further action
C. Document and apply compensating controls
D. Block internet access for all systems
Answer: Document and apply compensating controls
When patching isn't feasible, compensating controls must be documented and applied as part of risk treatment.