CompTIA PenTest+ (PT0-001) — Question 62
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
Answer options
- A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
- B. Identify the issues that can be remediated most quickly and address them first.
- C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities.
- D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time.
Correct answer: D
Explanation
The best suggestion is to fix the most critical vulnerability first, as it poses the highest risk to the organization. While addressing other vulnerabilities may take longer, prioritizing the most severe threat minimizes potential damage. The other options involve addressing vulnerabilities in a manner that may not adequately mitigate the immediate risks posed by the critical vulnerabilities.