PECB ISO-IEC-27035-Lead-Incident-Manager Exam - Topic 1 Question 9 Discussion

Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam

Question #: 9
Topic #: 1

[All ISO-IEC-27035-Lead-Incident-Manager Questions]

How should vulnerabilities lacking corresponding threats be handled?

AThey still require controls and should be promptly addressed

BThey should be disregarded as they pose no risk

CThey may not require controls but should be analyzed and monitored for changes

Show Suggested Answer

Suggested Answer: C

by Shawn at Apr 12, 2026, 11:09 AM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27035-Lead-Incident-Manager Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Benton

18 days ago

B) Disregarding them seems risky to me.

upvoted 0 times

...

Dana

23 days ago

A) definitely needs controls! Better safe than sorry.

upvoted 0 times

...

Katie

1 month ago

I’m a bit confused; I thought we learned that all vulnerabilities should be treated seriously, but I’m not sure if that means they need controls or just monitoring.

upvoted 0 times

...

Venita

1 month ago

I recall a practice question where we had to decide if vulnerabilities should be addressed, and I think the answer was to analyze them, which sounds like C again.

upvoted 0 times

...

Sherill

2 months ago

I’m not entirely sure, but I feel like we discussed that even if there’s no immediate threat, we shouldn’t just ignore vulnerabilities. Could it be A?

upvoted 0 times

...

Cassi

2 months ago

I think I remember that vulnerabilities without threats still need some level of monitoring, so maybe option C is the right choice?

upvoted 0 times

...