Which of the following would be the BEST next step?

A routine vulnerability scan detected a known vulnerability in a critical enterprise web application.

Which of the following would be the BEST next step?
A . Submit a change request to have the system patched
B . Evaluate the risk and criticality to determine it further action is necessary
C . Notify a manager of the breach and initiate emergency procedures.
D . Remove the application from production and Inform the users.

View Answer

Answer: B

Explanation:

A routine vulnerability scan is a process of identifying and assessing known vulnerabilities in a system or network using automated tools or software3 A vulnerability scan does not necessarily mean that there is an active threat or exploit on the system or network, but rather that there are potential weaknesses that could be exploited by attackers. The best next step after a routine vulnerability scan detected a known vulnerability in a critical enterprise web application is to evaluate the risk and criticality of the vulnerability, which means assessing the likelihood and impact of an exploit on the web application, and prioritizing the remediation actions based on the severity and urgency of the vulnerability.

Reference: 3 What Is Vulnerability Scanning? | Qualys