4 votes
A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization's exposure to that risk.

Which of the following should the new security administrator review to gain more information? (Choose three.)

A. CVE database
B. Recent security industry conferences
C. Security vendor pages
D. Known vendor threat models
E. Secure routing metrics
F. Server's vendor documentation
G. Verified security forums
H. NetFlow analytics

by User LI Xuhong (7.3k points)

1 Answer

0 votes

Final answer:

To address a zero-day vulnerability, the security administrator should review the CVE database for detailed vulnerability information, consult security vendor pages for real-time alerts and solutions, and check the server's vendor documentation for advisories and secure configuration guidelines.

Step-by-step explanation:

If a new security administrator is tasked with mitigating the exposure to a zero-day vulnerability for application servers, the following three resources should be reviewed for comprehensive information. First would be the CVE database, which catalogs publicly disclosed cybersecurity vulnerabilities and exposures in a standardized way, providing detailed information about each vulnerability, its potential impacts, and possible mitigations.

Next, security vendor pages are vital as they often contain real-time alerts and solutions for recent vulnerabilities that affect their products. These pages may also include workaround or patch information. Lastly, the server's vendor documentation may contain specific advisories and recommended actions regarding the secure configuration and patch management of the application server in question.

by User Nejat (7.6k points)