Exam 312-50v13 topic 1 question 141 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 141
Topic #: 1

An organization suspects a persistent threat from a cybercriminal. They hire an ethical hacker, John, to evaluate their system security. John identifies several vulnerabilities and advises the organization on preventive measures. However, the organization has limited resources and opts to fix only the most severe vulnerability. Subsequently, a data breach occurs exploiting a different vulnerability. Which of the following statements best describes this scenario?

  • A. The organization is at fault because it did not fix all identified vulnerabilities.
  • B. Both the organization and John share responsibility because they did not adequately manage the vulnerabilities.
  • C. John is at fault because he did not emphasize the necessity of patching all vulnerabilities.
  • D. The organization is not at fault because they used their resources as per their understanding.
Suggested Answer: A 🗳️

Comments

MHafizC
Highly Voted 3 months ago
Selected Answer: A
I would opt for A. John did what was tasked, and the company understood the risk, but they decided not to do an amendment accordingly.
upvoted 5 times
killwitch
Most Recent 1 month, 1 week ago
Selected Answer: A
The organization opted to fix only the most severe vulnerability. Other vulnerabilities have been left open, so it's the organization's fault.
upvoted 3 times
marcel9999
1 month, 2 weeks ago
Selected Answer: A
John was hired and created his report; the company is then responsible to fix.
upvoted 4 times
HazalAlenazi
2 months, 1 week ago
Selected Answer: B
The Organization's Responsibility:
1- They had limited resources, but prioritizing only one vulnerability was a poor risk management decision.
2- Cybersecurity is about holistic protection, not just fixing one critical issue.
3- Ignoring other known vulnerabilities left the system exposed, leading to the data breach.

John’s Responsibility:
1- As a professional ethical hacker, John should have clearly communicated the risks of leaving other vulnerabilities unpatched.
2- He should have provided a risk-based prioritization with possible mitigation strategies for all vulnerabilities.
3- If the organization couldn’t patch everything, he could have suggested compensating controls (e.g., monitoring, segmentation, or temporary mitigations).

Cybersecurity is a shared responsibility, and this case reflects poor risk prioritization rather than a single point of failure.
upvoted 1 times
NikoTomas
1 month ago
I disagree. This is not like in the cloud environment with the "shared responsibility" model between provider and customer. This is a pure organizational decision to leave vulnerabilities without fixes. Responsible is always the management of the organization - they are driving the business and they must know what is crucial for reaching their goals and what level of risk can be accepted. The security specialists (especially risk managers) just elaborate an analysis and provide it to the management. The management must decide what to do. The security specialists don't have to know about all business affairs...
upvoted 1 times
pindinga1
2 months, 2 weeks ago
Selected Answer: A
I think John has nothing to do with the company's problems; he has just started to identify the problems. I think it is alternative A.
upvoted 4 times
Community vote distribution
  • A (35%) (Most Voted)
  • C (25%)
  • B (20%)
  • Other