A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan reports include the following critical-rated vulnerability:

Title: Remote Command Execution vulnerability in web server
Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Confidence: certain
Recommendation: apply vendor patches

Which of the following actions should the security analyst perform FIRST?

A. Escalate the issue to senior management.
B. Apply organizational context to the risk rating.
C. Organize for urgent out-of-cycle patching.
D. Exploit the server to check whether it is a false positive.


Answer: B. Apply organizational context to the risk rating.

Computer Science & Information Technology

You might also like to view...

A __________ is an example of a NORMA system.

a) network of computers
b) system with a large number of processors that share physical memory. Access to memory modules local to a processor is much faster than access to global memory modules.
c) distributed system
d) dual-processor personal computer


Which of the following is NOT a good practice when creating a template?

A) Using cell references in formulas
B) Locking view settings
C) Including instructions
D) Using descriptive labels


What utility can be used to intercept detailed information from a company's Web site?

A. JavaAttack
B. Zed Attack Proxy
C. Trace
D. WebAnalysis


Explain the use of pop-up windows.

What will be an ideal response?
