A security team in a regulated banking environment discovers that a critical production application relies on an unpatched open-source library. The group has already completed the vulnerability scan, validated the finding in the CVE database, and performed a risk assessment showing high likelihood and impact. According to the vulnerability management lifecycle, what is the most effective next action as part of the remediation phase?
Increase log monitoring for attempted exploitation of the library
Notify end users about the risk before making any changes
Revert the application to a previous software version
Install the vendor's patch and verify the vulnerability is resolved
Applying the vendor's patch removes the flawed code, preventing attackers from exploiting the known CVE. Rolling back to a prior version could leave the same or other vulnerabilities in place. Monitoring logs alone does not eliminate the weakness, and user notifications improve awareness but do not fix the underlying issue. Patching and validating that the issue is resolved completes the remediation phase of the vulnerability management cycle.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the vulnerability management lifecycle?
Open an interactive chat with Bash
What is a CVE database and why is it important?
Open an interactive chat with Bash
Why is patching vulnerabilities more effective than just monitoring logs?