CISSP Practice Domain 6 — Security Assessment and Testing Q97 of 120

Which is the BEST first action when a vulnerability scanner reports a high-severity finding on a critical system?

A CISSP practice question covering Domain 6: Security Assessment and Testing. Try answering before reading the explanation below.

A. Patch immediately without verification
B. Verify the finding, assess exploitability and exposure, then prioritize remediation per change management (correct answer)
C. Ignore until next quarter
D. Disable the system
Why "Verify the finding, assess exploitability and exposure, then prioritize remediation per change management" is the right answer

Verify the finding first (confirm it is not a false positive, for example by checking the installed package version against an authoritative inventory rather than trusting a service banner), then assess context (network exposure, asset value, whether a working exploit exists), and only then schedule remediation through change control. Blind patching can break dependencies on a critical system; ignoring the finding leaves the risk in place; disabling a critical system is usually a disproportionate response to an unverified report.
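The verify, assess, prioritize sequence from the explanation, as an added example that is not part of the practice-test page. It is illustrative Python: the scoring weights, SLA tiers, host names, plugin names and version numbers are all constructed assumptions, not an organization's real policy or real vulnerabilities. The point it demonstrates is that the scanner banner and the authoritative inventory can disagree (a backported fix leaves the banner old), so verification runs before any score is computed.

```python
"""Risk-based triage of vulnerability-scanner findings: verify, assess, prioritize.

Added example, not code from the practice-test page. Weights, SLA tiers and the
sample findings are constructed assumptions for illustration only.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    plugin: str                 # scanner check name (constructed, not a real CVE)
    cvss: float                 # scanner-reported base severity
    fixed_version: str          # first vendor version that closes the issue
    scanner_version: str        # version the scanner inferred from a banner
    inventory_version: str      # version from the authoritative package inventory
    internet_exposed: bool
    asset_criticality: int      # 1 (low) .. 5 (critical), from the asset register
    known_exploited: bool       # e.g. listed in an exploited-in-the-wild catalog


def parse_version(version: str) -> tuple:
    """Numeric dotted versions only (assumption for this example)."""
    return tuple(int(part) for part in version.split("."))


def verify(finding: Finding) -> bool:
    """Step 1: confirm the finding against authoritative data, not the banner.

    A backported security fix leaves the advertised version old while the
    installed package is already patched, which is a classic false positive.
    """
    return parse_version(finding.inventory_version) < parse_version(finding.fixed_version)


def risk_score(finding: Finding) -> float:
    """Step 2: weight base severity by exposure, asset value and exploitability.

    Multipliers are assumed values chosen for illustration.
    """
    score = finding.cvss
    score *= 1.5 if finding.internet_exposed else 1.0
    score *= finding.asset_criticality / 3.0
    score *= 2.0 if finding.known_exploited else 1.0
    return round(score, 1)


def remediation_sla_days(score: float) -> int:
    """Assumed SLA tiers; real values come from the organization's policy."""
    if score >= 20.0:
        return 3
    if score >= 10.0:
        return 14
    return 45


def triage(findings):
    """Step 3: build a prioritized queue for change management.

    Returns (queue, false_positives). Unverified findings are never queued for
    patching; they are closed with the evidence that disproved them.
    """
    queue, false_positives = [], []
    for finding in findings:
        if not verify(finding):
            false_positives.append(finding.host)
            continue
        score = risk_score(finding)
        queue.append({
            "host": finding.host,
            "plugin": finding.plugin,
            "score": score,
            "sla_days": remediation_sla_days(score),
            # Assumed rule: only the highest tier justifies an emergency change.
            "change_type": "emergency" if score >= 20.0 else "standard",
        })
    queue.sort(key=lambda item: item["score"], reverse=True)
    return queue, false_positives


# Constructed sample findings: hosts, plugin names and versions are made up.
SAMPLE_FINDINGS = [
    # Banner says 3.0.2, inventory says 3.0.8: fix already applied, false positive.
    Finding("db-prod-01", "tls-library-memory-corruption", 9.8, "3.0.8",
            "3.0.2", "3.0.8", False, 5, True),
    # Internet-facing, critical asset, exploited in the wild: top of the queue.
    Finding("web-edge-02", "proxy-request-smuggling", 7.5, "1.21.1",
            "1.20.0", "1.20.0", True, 5, True),
    # Internal, low-value build box, no known exploit: standard change.
    Finding("build-int-07", "ci-plugin-reflected-xss", 6.1, "2.3",
            "2.1", "2.1", False, 2, False),
]


if __name__ == "__main__":
    queue, closed = triage(SAMPLE_FINDINGS)
    for item in queue:
        print(item)
    print("closed as false positive:", closed)
```

Running the block ranks web-edge-02 first with an emergency change and a short SLA, puts build-int-07 into the standard change queue, and closes db-prod-01 without patching because the inventory shows the fix is already installed. In a real pipeline the inventory lookup, exposure flag and exploited-in-the-wild flag would come from the CMDB, the network model and a threat-intelligence feed rather than from fields on the finding.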
