Management wants to scan servers for vulnerabilities on a periodic basis. Management has decided that the scan frequency should be determined only by vendor patch schedules and the organization’s application deployment schedule. Which of the following would force the organization to conduct an out-of-cycle vulnerability scan?
A. Newly discovered PII on a server
B. A vendor releases a critical patch update
C. A critical bug fix in the organizationâ’s application
D. False positives identified in production