PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 107 Topic 11 Discussion

ISO-IEC-27001-Lead-Auditor Exam Topic 11 Question 107 Discussion:
Question #: 107
Topic #: 11

Question

A security analyst is performing a penetration test on an organization’s internal network. A vulnerability scanning tool detects a high-risk vulnerability in a critical server, suggesting it could allow remote code execution. However, the penetration tester is unable to exploit the vulnerability successfully due to unknown system configurations and patch levels.

Should the company immediately consider this vulnerability as a confirmed security risk?


A. Yes, because findings from vulnerability scanning tools must always be considered confirmed security risks.

B. No, because failed exploitation means that the vulnerability does not exist.

C. No, because penetration tools can give false results unless the vulnerability is successfully exploited.

