🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional65 / 129
Question 65 of 129

A SOC analyst reviewing threat intelligence feeds notices a newly published CVE for the exact version of a web server the organization runs in its DMZ. No exploitation attempts against the organization have been observed yet, but the feed reports active scanning for this vulnerability across the internet. According to NIST incident-handling terminology, how should the analyst classify this observation?

Reviewed for accuracy · Report an issueNext question