🔥 3-day streak
CompTIA CySA+ (CS0-003)11 / 147
Question 11 of 147

A vulnerability analyst is reviewing scan results for two servers. Both are affected by a vulnerability with a CVSS v3.1 base score of 9.8 (Critical). Server A is an internet-facing web server hosting the customer payment portal, and a public proof-of-concept exploit is confirmed to be circulating in the wild. Server B is an internal test server with no sensitive data, isolated on a segmented lab VLAN with no external access, and no known exploit exists for its specific configuration. Management wants the analyst to prioritize remediation using more than the base score alone. Which approach BEST reflects proper risk-based prioritization?

Reviewed for accuracy · Report an issueNext question