Exam CS0-003 topic 1 question 148 discussion

Vulnerability MUST be present, so BCD, highest priority first but D has mitigating controls so now BC, C has no mitigating controls and both medium so it is the choice for prioritization

C i the correct answer

C is the correct answear. In group A there is no vulnerabilities so that's why iI excluded it.

answer is C. Group B and Group D have mitigating controls in place for their vulnerabilities. Group A and Group C don't have mitigating controls in place. Asset Value: Both Group B and Group C have medium asset value.

I vote c

A is so blatantly wrong it's funny.

Groups B, C, and D have vulnerability. Groups B and D have controls in place for mitigating the vulnerability. Residual risk is not mentioned. Group C does not have controls in place to mitigate the vulnerability. So the answer is C.

After revising the question, I change the answer to C.

Another trick question. I think you should consider the answer Group D - This group should be prioritized because it has vulnerabilities present in high-value assets and also has mitigation controls available. This means it is crucial to ensure these high-value assets are protected or as quickly as possible. Therefore, the prioritization order would be D, B, C and, lastly, A.

The security analyst should prioritize deploying compensating controls to the groups with higher asset value and where vulnerabilities are present. Based on the information provided, the highest priority should be given to Group C because it has vulnerabilities without any mitigating controls, and it has a medium asset value. Therefore, the correct choice is Group C.