KT-SYS Patch management

CISA adds a VPN vendor CVE to KEV; your appliance is two versions behind. Priority?

Multiple choice — select one answer

Answer choices

  1. a. Disable automatic updates on the VPN to prevent unexpected reboots during holidays, without security or identity team coordination per policy.
  2. b. Emergency patch or isolate VPN per vendor advisory within hours, not next quarter
  3. c. Publish the CVE internally but defer patching until budget approval next year, without security or identity team coordination per policy.
  4. d. Wait for the next penetration test to validate exploitability in your environment, without security or identity team coordination per policy.

Architectural breakdown & explanation

Known exploited vulnerabilities on edge VPNs are top patching priority.

Correct answer(s): b. Emergency patch or isolate VPN per vendor advisory within hours, not next quarter

Exam domain: Patch management (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — System Hygiene bank. Run a full timed practice exam with domain-weighted random questions in your browser.