Refer to the exhibit.

You have received an advisory that your organization could be running a vulnerable
product. Using the Cisco Systems Rapid Risk Vulnerability Response Model, you
determine that * Your organization is running an affected product on a vulnerable
version of code * The vulnerable component is enabled and there is no feasible
workaround. * There is medium confidence of an attack without significant collateral
damage to the organization. According to the model, what is the appropriate urgency
level for remediation?

A.
contact ISP to trace attack

B.
priority maintenance process

C.
no action required

D.
remove vulnerable device from service

E.
standard maintenance process

F.
immediate mitigation process

Explanation:
http://www.cisco.com/c/en/us/about/security-center/vulnerability-risk-triage.html