You are preparing a vulnerability management report and must communicate the impact of remediating a newly discovered vulnerability that affects multiple critical systems. Remediation efforts could result in a temporary degradation of functionality for these systems. Which approach would be MOST effective for prioritizing the remediation actions without adversely impacting business operations?
Force immediate but temporary updates on all systems simultaneously to ensure no system remains vulnerable, accepting the risk of degrading functionality.
Delay all system updates until a comprehensive evaluation of the long-term impact on each system can be completed.
Implement a staged rollout, beginning with less critical systems to monitor for functional degradation and incrementally advance to more critical systems.
Patch low-impact and non-critical systems first to minimize business operation disruptions, while deferring updates on critical systems indefinitely.
The correct answer is A. Using a staged rollout approach based on system criticality ensures that the most critical systems are updated with consideration for their operational importance, allowing for the assessment and mitigation of potential functional deterioration on less critical systems before wider deployment. B is incorrect because prioritizing low-impact systems may leave critical vulnerabilities unaddressed in the most crucial systems. C is incorrect because delaying the update entirely ignores the vulnerability's risks. D is incorrect because forcing immediate updates on all systems at once does not account for the potential negative impact on business operations and does not allow for proper testing and mitigation planning.