Cisco

350-201 · Question #56

350-201 Question #56: Real Exam Question with Answer & Explanation

The correct answer is B: Acknowledge the vulnerabilities and document the risk.

Processes

Question

An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?

Options

  • A. Investigate the vulnerability to prevent further spread
  • B. Acknowledge the vulnerabilities and document the risk
  • C. Apply vendor patches or available hot fixes
  • D. Isolate the assets affected in a separate network

Explanation

Acknowledged issues are those that, for whatever reason, you decide not to resolve at present. There are valid reasons for not immediately resolving a vulnerability, and they should be recorded, along with the reasoning for acknowledging it, and a review date should be given. If the level of risk they present is sufficiently high, record the issue in a risk register.

Topics

#vulnerability management · #risk acceptance · #documentation · #risk triage
