D should be correct. I missed this one, but after thinking about it, it makes sense. A Zero-Day attack means that there are no anti-virus methods for it and there are no patches available to fix the problem. C is disrupting operations (which is never the answer), leaving us with D. Just the thought of selecting "work-around" as an answer makes me not feel good, but in this case, I understand.
Few of these folks are right in pointing out that a zero-day attack exploits a previously unknown vulnerability for which no specific patch is available at the time of the attack. However, an emergency patch deployment process (B) as a critical requirement in a response process doesn't necessarily mean immediate availability of a security patch specifically for the zero-day vulnerability. Instead, it refers to the capability and readiness of an IT team to swiftly apply patches or security updates as soon as they are released after the vulnerability becomes known.
The initial response to a zero-day attack also includes the prompt implementation of any possible workarounds or mitigations that security communities or vendors might suggest in the absence of a patch. This ensures that once either a patch becomes available or an effective mitigation strategy is devised, the organization can respond immediately, minimizing potential damage.
My concern with D is: how does the security team provide an IT workaround solution? It should be the business team working with the IT infrastructure team; security can help to evaluate it.
Selected Answer: D
When a zero-day vulnerability breaks out, no patch is immediately available, so tailored containment and mitigation workarounds are applied, e.g. Log4J.
Zero-day vulnerabilities are security vulnerabilities that are discovered by attackers before the software vendor becomes aware of them. These vulnerabilities pose a significant risk as there is no available patch or fix from the vendor at the time of discovery. Therefore, it is crucial to have an effective and efficient process in place to respond to zero-day vulnerabilities.
Implementing an emergency patch deployment process allows the IT team to rapidly deploy patches or temporary fixes to mitigate the risk associated with the zero-day vulnerability. This helps to close the security gap and protect systems and data from potential attacks.
Of the options listed, implementing an emergency patch deployment process (Option B) is the most important requirement when establishing a process for responding to zero-day vulnerabilities. This ensures that patches are deployed as soon as they become available, reducing the time window for attackers to exploit the vulnerability.
There are no patches for 0-day vulnerabilities. You need workarounds.
upvoted 6 times
Prospect57 (Highly Voted, 1 year, 10 months ago)
davidcook (Most Recent, 2 months, 1 week ago)
helg420 (6 months, 2 weeks ago)
03allen (6 months, 3 weeks ago)
Marcelus1714 (9 months, 1 week ago)
SHERLOCKAWS (11 months, 1 week ago)
sphenixfire (1 year, 2 months ago)
richck102 (1 year, 5 months ago)
mad68 (1 year, 6 months ago)
DERCHEF2009 (1 year, 5 months ago)
bambs (1 year, 7 months ago)
dedfef (1 year, 7 months ago)