Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 127
A company recently completed an internal audit and discovered that there is a CSRF vulnerability in 20 of its hosted applications. Based on the audit, which recommendation should an engineer make for patching?
Answer options
- A. Identify the business applications running on the assets
- B. Update software to patch third-party software
- C. Validate CSRF by executing exploits within Metasploit
- D. Fix applications according to the risk scores
Correct answer: D
Explanation
The correct answer is D because fixing applications according to their risk scores prioritizes the most critical vulnerabilities first. Option A does not directly address the vulnerabilities, while option B focuses on third-party software, which may not resolve the internal issues. Option C is a testing method, not a patching recommendation.