Question

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the remediate to immediately remediate all vulnerabilities. Under such circumstances which of the following would be the BEST suggestion for the client?

a. Address critical vulnerabilities first
b. Ignore non-critical vulnerabilities
c. Delay the entire remediation process
d. Hire additional security personnel

Answer 1

The best suggestion for the client is to address critical vulnerabilities first.

Step-by-step explanation:

When faced with limited resources to address vulnerabilities, the BEST suggestion for the client is to address critical vulnerabilities first. Critical vulnerabilities pose the greatest risk to the security of the startup firm and should be prioritized for immediate remediation. Ignoring non-critical vulnerabilities may leave the system exposed to potential attacks, and delaying the entire remediation process can increase the likelihood of a successful breach.