A company’s mail server allows anonymous file transfer protocol (FTP) access which could be
exploited. What process should the information security manager deploy to determine the
necessity for remedial action?
A. A penetration test
B. A security baseline review
C. A risk assessment
D. A business impact analysis (BIA)
Explanation:
A risk assessment will identify the business impact of such a vulnerability being exploited and is,
thus, the correct process. A penetration test or a security baseline review may identify the
vulnerability but not the remedy. A business impact analysis (BIA) will more likely identify the
impact of the loss of the mail server.