🔥 3-day streak
CompTIA CySA+ (CS0-003)129 / 147
Question 129 of 147
A vulnerability scan flags a critical (CVSS 9.8) remote code execution flaw on an internal application server. During validation, the analyst confirms the vulnerable service is only reachable from a management VLAN that requires jump-host authentication and MFA, and the server holds no sensitive data. The vendor patch will not be released for three weeks. Which action best reflects proper risk-based prioritization for this finding?
Reviewed for accuracy · Report an issueNext question