Exam CS0-001 topic 1 question 30 discussion

Actual exam question from CompTIA's CS0-001
Question #: 30
Topic #: 1

Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team.
Which of the following frameworks would BEST support the program? (Choose two.)

  • A. COBIT
  • B. NIST
  • C. ISO 27000 series
  • D. ITIL
  • E. OWASP
Suggested Answer: BD

Comments

danierug
Highly Voted 5 years, 8 months ago
This should be NIST and ITIL.
upvoted 18 times
md3v
Highly Voted 4 years, 7 months ago
Scored an 880 on this exam and had this question. The correct answer is ISO 27000 and NIST. ITIL is a framework for IT Service Management. Nothing to do with vulnerabilities.
upvoted 16 times
4ee1800
Most Recent 3 weeks, 5 days ago
Selected Answer: BD
NIST Special Publications (e.g., NIST SP 800-40) offer comprehensive guidance on vulnerability management. ISO 27001 outlines how to build and maintain an Information Security Management System (ISMS), which includes vulnerability management.
upvoted 1 times
Blind_Hatred
4 years, 10 months ago
It's definitely not A or E, so that leaves B, C & D. NIST is definitely a right answer, but I have doubts between ISO and ITIL... https://advisera.com/27001academy/blog/2016/03/07/iso-27001-vs-itil-similarities-and-differences
upvoted 1 times
s3curity1
4 years, 10 months ago
This should be NIST and ISO 27000 series. See ISO 27001 control A.12.6.1 for managing vulnerabilities, which is focused on timely identification of vulnerabilities, assessment of the organization's exposure to a vulnerability, and proper measures considering the associated risks.
upvoted 6 times
ashleypride
5 years, 1 month ago
Agree that OWASP is wrong, but if NIST is correct then ISO 27000 should be too.
upvoted 2 times
lupinart
4 years, 11 months ago
ISO 27k is a set of standards, not a framework. ITIL and NIST best fit the question as they are frameworks.
upvoted 3 times
jai_fagundes
4 years, 8 months ago
27002 works with vulnerability, not 27000.
upvoted 1 times
Konrad007
5 years, 1 month ago
Agreed with Dan. OWASP is for web apps as KC confirmed.
upvoted 1 times
KC
5 years, 2 months ago
Agree with Dan, OWASP is focused on web apps, not an entire security framework.
upvoted 6 times