Vulnerability Management — CISSP Practice Questions
Vulnerability management is the continuous process of identifying, classifying, prioritizing, remediating, and verifying security weaknesses in systems, software, and configurations. The CISSP exam addresses vulnerability management within the context of risk management and security operations, and candidates must understand the full lifecycle from asset inventory and scanning through patch management and verification. Key concepts include the CVSS scoring system, zero-day vulnerabilities, patch prioritization based on business risk, and the distinction between a vulnerability, a threat, and a risk. Effective vulnerability management reduces the attack surface and is a core operational security responsibility.
Free questions on vulnerability management
What is the main purpose of vulnerability management?
Free question · easy · full answer + explanation
More vulnerability management questions in the full bank
- A security operations team discovers that several systems are running outdated software with known critical vulnerabilities. What should be the PRIMARY remediation action? Unlock answer & explanation →
- What is the purpose of security testing in the SDLC? Unlock answer & explanation →
- What is the purpose of a software bill of materials (SBOM)? Unlock answer & explanation →