After reviewing a vulnerability management report, a security analyst needs to recommend an action plan to address critical vulnerabilities. Which of the following should be the analyst’s FIRST recommendation?
Conduct awareness, education, and training programs for the affected departments.
Develop and deploy patches to remediate the identified critical vulnerabilities.
Implement compensating controls to temporarily mitigate risk until patches can be applied.
Reevaluate the existing business requirements to align with the current threat landscape.
Patching is considered the first line of defense against most vulnerabilities and should typically be prioritized to reduce the window of opportunity for attackers to exploit. While compensating controls and awareness training are important, they do not directly address the underlying vulnerability and are often employed when patching is not immediately possible. Changing business requirements is an influencing factor for an action plan but does not constitute an immediate response to vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.