A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.
Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)
A . Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities.
B . Remove the servers reported to have high and medium vulnerabilities.
C . Tag the computers with critical findings as a business risk acceptance.
D . Manually patch the computers on the network, as recommended on the CVE website.
E . Harden the hosts on the network, as recommended by the NIST framework.
F . Resolve the monthly job issues and test them before applying them to the production network.
Answer: C,E
Leave a Reply