Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 3

An engineer is going through vulnerability triage with company management because of a recent malware outbreak from which 21 affected assets need to be patched or remediated. Management decides not to prioritize fixing the assets and accepts the vulnerabilities. What is the next step the engineer should take?

Answer options

• A. Investigate the vulnerability to prevent further spread
• B. Acknowledge the vulnerabilities and document the risk
• C. Apply vendor patches or available hot fixes
• D. Isolate the assets affected in a separate network

Correct answer: B

Explanation

The correct answer is B because after management decides to accept the risks, it is crucial to acknowledge and document those vulnerabilities for future reference and accountability. Options A, C, and D involve taking actions that assume the vulnerabilities will be addressed, which contradicts the management's decision to not prioritize fixing them.