GIAC Penetration Tester (GPEN) — Question 8
A client with 7200 employees in 14 cities (all connected via high-speed WAN connections) has suffered a major external security breach via a desktop, which cost them more than $172,000 and the loss of a high-profile client. They ask you to perform a desktop vulnerability assessment to identify everything that needs to be patched. Using Nessus, you find tens of thousands of vulnerabilities that need to be patched. In the report you find workstations running several Windows OS versions and service pack levels, anti-virus software from multiple vendors, several major browser versions, and different versions of Acrobat Reader. Which of the following recommendations should you provide with the report?
Answer options
- A. The client should standardize their desktop software
- B. The client should eliminate workstations to reduce workload
- C. The client should hire more people to catch up on patches
- D. The client should perform monthly vulnerability assessments
Correct answer: A
Explanation
Standardizing desktop software helps ensure consistency, making it easier to manage updates and reduce vulnerabilities. The other options, such as eliminating workstations or hiring more staff, do not directly address the root cause of the security issues or improve the patch management process. Monthly assessments are beneficial but do not solve the immediate problem of disparate software versions leading to vulnerabilities.