Certified Ethical Hacker (CEH v12) — Question 149
A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT typically be included in the detailed documentation for this specific vulnerability?
Answer options
- A. Proof of concept (PoC) of the vulnerability, if possible, to demonstrate its potential impact on the system.
- B. The total number of high, medium, and low-risk vulnerabilities detected throughout the network.
- C. The list of all affected systems within the organization that are susceptible to the identified vulnerability.
- D. The CVE ID of the vulnerability and its mapping to the vulnerability's name, XYZ.
Correct answer: B
Explanation
Option B is correct because, while the total number of high, medium, and low-risk vulnerabilities is important to know, it is a network-wide figure and is generally not part of the detailed documentation of a single vulnerability like XYZ. The other options (A, C, and D) provide critical insights directly related to the vulnerability in question: its impact, the affected systems, and its identification details.