A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Kimon's role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Kimon's best route to quickly identify vulnerable systems?
Answer Options
A. Immediately run Nessus against all of the servers to identify which systems are vulnerable.
B. Review the CVE database to find the vulnerability information and patch information.
C. Create a custom IDS or IPS signature.
D. Identify affected versions and check systems for that version number using an automated scanner.
Correct Answer: D
Explanation
In many cases when an exploit is initially reported, there are no prebuilt signatures or detections for vulnerability scanners, and the CVE database may not immediately have information about the attack. Kimon's best option is to quickly gather information and review potentially vulnerable servers based on their current configuration. As more information becomes available, signatures and CVE information are likely to be published. Unfortunately for Kimon, IDS and IPS signatures will detect only attacks and won't detect whether systems are vulnerable unless he sees the systems being exploited.