Certified Ethical Hacker (CEH v12) — Question 72
David is a security professional implementing a vulnerability management program in his organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities.
Which phase of the vulnerability-management life cycle is David currently in?
Answer options
- A. Remediation
- B. Verification
- C. Risk assessment
- D. Vulnerability scan
Correct answer: A
Explanation
David is in the Remediation phase, as he is actively applying fixes to vulnerable systems to address identified issues. The Verification phase involves checking if the fixes are effective, the Risk assessment phase focuses on identifying and analyzing risks, and the Vulnerability scan phase is about discovering vulnerabilities, not fixing them.