Certified Ethical Hacker (CEH v11) — Question 62
A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?
Answer options
- A. Secure development lifecycle
- B. Security awareness training
- C. Vendor risk management
- D. Patch management
Correct answer: D
Explanation
The correct answer is D, Patch management: the organization failed to apply a fix that was already available for a known vulnerability, which left it exposed to the breach. The other options, while important, do not directly address the failure to apply available patches.