Cisco
300-745 Question #40: Real Exam Question with Answer & Explanation
The correct answer is C. Confirm impact by validating presence of the product in company's environment.
Question
The network security team of a private university is conducting a comprehensive audit to evaluate the security posture across the network infrastructure. During the review, the security team found that a trusted vendor disclosed serious vulnerabilities identified in a product that plays a crucial role in the university's CI/CD pipeline. The security team must act promptly to mitigate the potential risks posed by these vulnerabilities. Which action must the security team take first in response to the disclosure?
Options
- A. Leverage IDS to measure the impact of the vulnerability.
- B. Notify customers of the impact and its source
- C. Confirm impact by validating presence of the product in company's environment
- D. Patch the impacted product as soon as possible
Explanation
The first step after a vulnerability disclosure is to validate whether the affected product exists in the organization's environment. This ensures the vulnerability is relevant before applying patches or notifying stakeholders, preventing wasted effort and focusing on actual exposure.