A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
A) Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B) Identify the issues that can be remediated most quickly and address them first.
C) Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D) Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.

Question

Quizplus · Accepted Answer

The Answer of A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
A) Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B) Identify the issues that can be remediated most quickly and address them first.
C) Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D) Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.

A Penetration Tester Has Performed a Security Assessment for a Startup