An organization requires secure configuration baselines for all platforms and technologies that are used. If any system cannot conform to the secure baseline, the organization must process a risk acceptance and receive approval before the system is placed into production. It may have non-conforming systems in its lower environments (development and staging) without risk acceptance, but must receive risk approval before the system is placed in production. Weekly scan reports identify systems that do not conform to any secure baseline.
The application team receives a report with the following results:
There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and the organization cannot operate if the application is not running. The application fully functions in the development and staging environments.
Which of the following actions should the application team take?
A . Remediate 2633 and 3124 immediately.
B . Process a risk acceptance for 2633 and 3124.
C . Process a risk acceptance for 2633 and remediate 3124.
D . Shut down NYAccountingProd and investigate the reason for the different scan results.
Answer: C
Leave a Reply