CertNexus Certified Cyber Secure Coder (CSC) — Question 39

During which phase of a vulnerability assessment would a security consultant need to document a requirement to retain a legacy device that is no longer supported and cannot be taken offline?

Answer options

• A. Conducting post-assessment tasks
• B. Determining scope
• C. Identifying critical assets
• D. Performing a vulnerability scan

Correct answer: C

Explanation

The correct answer is C, as identifying critical assets involves recognizing devices that are essential to operations, including those that are outdated and unsupported. Options A and D are related to activities that occur after the assessment or during the scanning phase, while B focuses on defining the assessment's boundaries rather than asset identification.