Exam 350-201 topic 1 question 107 discussion

ChatGPT: While CVSS is a helpful tool, relying solely on CVSS scores can lead to suboptimal prioritization. Evaluating the risk and impact to business services provides a more holistic approach to vulnerability management and remediation, ensuring that you protect the most critical systems first.

I would go with C, even though is a practice that is not in use anymore as other considerations related to business should be done, but it was the default action in the past.

Based on the detected vulnerabilities, the next recommended mitigation step is to remediate all vulnerabilities with descending Common Vulnerability Scoring System (CVSS) score order. Prioritizing vulnerabilities based on their CVSS score is a common practice that allows organizations to focus on addressing the most severe vulnerabilities first. Evaluating service disruption and associated risk before prioritizing patches (option A) can be a time-consuming process that delays the remediation of critical vulnerabilities. Performing root cause analysis for all detected vulnerabilities (option B) is also an important step, but it can be done concurrently with remediation efforts. Temporarily shutting down unnecessary services until patch deployment ends (option D) can reduce the attack surface, but it may not be practical in all cases, and it does not address the underlying vulnerabilities. Therefore, option C, remediate all vulnerabilities with descending CVSS score order, is the most appropriate next recommended mitigation step.

Agree. C is correct.

C is correct