Certified Ethical Hacker (CEH v12) — Question 298

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?

Answer options

• A. Secure development lifecycle
• B. Security awareness training
• C. Vendor risk management
• D. Patch management

Correct answer: D

Explanation

The correct answer is D, Patch management, because failing to apply available patches for known vulnerabilities directly leads to exploitation, as seen in the Equifax breach. The other options, while important, do not directly address the failure to implement the necessary updates to protect against known risks.