The process of identifying, assessing, and mitigating vulnerabilities in systems is part of Vulnerability Management.
Vulnerability Management involves:
Detecting potential weaknesses or misconfigurations.
Assessing their severity and prioritizing fixes.
Applying patches or other mitigation controls.
Verifying that remediation efforts are successful.
While threat intelligence provides contextual data, the actual handling and resolution of discovered vulnerabilities fall under vulnerability management.
Why the Other Options Are Incorrect:
A. Threat intelligence analysis: Focuses on gathering and analyzing threat data, not fixing vulnerabilities.
C. Security awareness training: Involves educating staff, not mitigating technical issues.
D. Incident response: Comes into play after an incident has occurred; this scenario focuses on prevention.
Conclusion:
The analyst is engaged in Vulnerability Management, aimed at reducing the risk of exploitation before an attack occurs.
Final Answer: B. Vulnerability management
Explanation Reference (Based on CTIA Study Concepts):
Vulnerability management is emphasized as a preventive cybersecurity function that identifies and mitigates exploitable weaknesses.
