Last Updated on August 14, 2021 by Admin
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services.
The scan reports include the following critical-rated vulnerability: Title: Remote Command Execution vulnerability in web server Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Confidence: certain
Recommendation: apply vendor patches
Which of the following actions should the security analyst perform FIRST?
- Escalate the issue to senior management.
- Apply organizational context to the risk rating.
- Organize for urgent out-of-cycle patching.
- Exploit the server to check whether it is a false positive.