Question 5 - Cisco 300-745 Exam Questions [June 2026 Update]

Q: 5

The network security team of a private university is conducting a comprehensive audit to evaluate the security posture across the network infrastructure. During the review, the security team found that a trusted vendor disclosed serious vulnerabilities identified in a product that plays a crucial role in the university’s CI/CD pipeline. The security team must act promptly to mitigate the potential risks posed by these vulnerabilities. Which action must the security team take first in response to the disclosure?

Options

Correct Answer:

Explanation

The first and most fundamental step in responding to a vulnerability disclosure is to identify and validate if the organization is affected. Before any mitigation, impact analysis, or communication can occur, the security team must confirm that the vulnerable product is present within their environment. This initial asset and vulnerability identification step is critical to determine the scope of the problem and to ensure that all subsequent response efforts are focused, efficient, and relevant to the actual risk posture of the university. This aligns with the "Detection and Analysis" phase of standard incident response lifecycles.

Why Incorrect

A. Leveraging IDS to measure the impact of the vulnerability is a subsequent analysis step, not the first action. It assumes the vulnerable asset has already been identified.

B. Notifying customers before confirming the vulnerability's presence and assessing its actual impact is premature and could cause unnecessary alarm and confusion.

D. Patching is a remediation action. It should only be performed after the vulnerable systems have been identified, the risk has been assessed, and the patch has been tested.

---

References

1. NIST Special Publication 800-61 Rev. 2, Computer Security Incident Handling Guide. Section 2.3.2, "Detection and Analysis," states: "The analysis phase involves, in part, validating the incident... This analysis is necessary to confirm that an incident has occurred and to determine its scope." This supports the principle of first confirming the presence of the vulnerability before taking other actions.

2. Cisco, Security Vulnerability Policy. The "Customer's Role" section implicitly guides customers through a process that begins with awareness and identification. It states, "Customers should... determine which of their systems are affected by a vulnerability." This highlights that the initial responsibility is to identify the affected assets in their own environment.

3. NIST Special Publication 800-40 Rev. 4, Guide to Enterprise Patch Management Technologies. Section 2.2, "Patch Management Process," outlines the lifecycle which begins with asset and software inventory. It emphasizes that organizations must "know what systems are on their network and what software is on those systems" as a prerequisite for effective patch and vulnerability management. This directly supports validating the product's presence as the first step.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE