Question 15
The board asks for a summary of risk if patching cannot be performed. What should you provide?
A. Threat model report
B. Business Impact Analysis report
C. Risk treatment plan with compensating controls
D. Detailed system architecture diagram
Answer: Risk treatment plan with compensating controls
If patching is not feasible, risks should be documented and treated via compensating controls in a risk treatment plan.