You notice that a new CVE has been shared to an email group that you belong to. What should you do first with the CVE?
Correct Answer: A
The CCST Cybersecurity material describes that the first step after receiving a new CVE notification is to review its details-such as affected systems, severity, and exploitability-to determine if it is relevant to your organization. "Upon learning of a new CVE, security teams should analyze the vulnerability description, affected products, and CVSS score to determine applicability and urgency of mitigation." (CCST Cybersecurity, Vulnerability Assessment and Risk Management, Vulnerability Prioritization section, Cisco Networking Academy) A is correct: Confirming applicability avoids unnecessary remediation for irrelevant vulnerabilities. B is done after confirming applicability. C (disaster recovery plan) is unrelated to immediate CVE handling. D (adding to firewall rules) is premature without confirming impact.
