A company’s mail server allows anonymous file transfer protocol (FTP) access which could be
exploited. What process should the information security manager deploy to determine the
necessity for remedial action?

A.
A penetration test

B.
A security baseline review

C.
A risk assessment

D.
A business impact analysis (BIA)

Explanation:

A risk assessment will identify- the business impact of such vulnerability being exploited and is,
thus, the correct process. A penetration test or a security baseline review may identify the
vulnerability but not the remedy. A business impact analysis (BIA) will more likely identify the
impact of the loss of the mail server.