Certified Ethical Hacker (CEH v13) — Question 35
A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT typically be included in the detailed documentation for this specific vulnerability?
Answer options
- A. Proof of concept (PoC) of the vulnerability, if possible, to demonstrate its potential impact on the system.
- B. The total number of high, medium, and low-risk vulnerabilities detected throughout the network.
- C. The list of all affected systems within the organization that are susceptible to the identified vulnerability.
- D. The CVE ID of the vulnerability and its mapping to the vulnerability's name, XYZ.
Correct answer: B
Explanation
The correct answer is B. The detailed documentation for a specific vulnerability should focus on that vulnerability (XYZ) and its impact, whereas the total number of high, medium, and low-risk vulnerabilities is a general overview of everything detected across the network. Options A, C, and D all relate to XYZ itself and are typically included to demonstrate its significance and implications.