Vulnerability Management
Drill 20 practice questions focused entirely on Vulnerability Management for the CompTIA CS0-003 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A CySA+ analyst is preparing to launch the organization's quarterly vulnerability scan. The current asset inventory lists 480 hosts, but the analyst notices that a recent network topology change added a new subnet for a business unit that provisioned its own cloud-connected devices without notifying IT. The security manager wants to ensure the scan does not miss any live systems on the network. Which action should the analyst take FIRST to address this gap?
A security analyst is planning a vulnerability scan of a manufacturing network segment containing legacy programmable logic controllers (PLCs) and human-machine interface (HMI) systems. During a prior scan, an aggressive active scan caused a PLC to become unresponsive, halting a production line. The analyst must map assets and identify vulnerabilities on this operational technology (OT) segment while minimizing the risk of disrupting production. Which scanning approach BEST meets these requirements?
A vulnerability scan identifies a critical remote code execution flaw on a legacy manufacturing control server. The vendor no longer supports the operating system, and no patch is available. The server must remain online because it controls an active production line, and it cannot be replaced for at least 18 months due to budget and procurement constraints. Which recommendation BEST reduces the risk while keeping the system operational?
A security analyst is tasked with performing a vulnerability scan of a fleet of internal Windows servers to build an accurate patch remediation plan. Previous uncredentialed scans produced many results based only on banner grabbing and left large gaps in missing-patch detection. The server team has approved providing a dedicated service account for scanning. Which scanning approach will provide the most accurate and complete assessment of missing patches and configuration weaknesses?
A vulnerability analyst is reviewing a scanner report that lists a vulnerability with the CVSS v3.1 vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Management asks the analyst to explain what characteristic of this vulnerability most significantly increases the urgency of remediation. Which statement is the analyst's BEST response?
A CySA+ analyst is reviewing a vulnerability assessment report and notices that one finding has a CVSS v3.1 vector string ending in the metric 'S:C'. The vendor advisory describes a flaw in a hypervisor component that allows a compromised guest virtual machine to affect the underlying host and other guests. When explaining the risk to management, which statement about the Scope (S) metric being set to 'Changed' is most accurate?
A vulnerability analyst is reviewing scan results for two servers. Both are affected by a vulnerability with a CVSS v3.1 base score of 9.8 (Critical). Server A is an internet-facing web server hosting the customer payment portal, and a public proof-of-concept exploit is confirmed to be circulating in the wild. Server B is an internal test server with no sensitive data, isolated on a segmented lab VLAN with no external access, and no known exploit exists for its specific configuration. Management wants the analyst to prioritize remediation using more than the base score alone. Which approach BEST reflects proper risk-based prioritization?
A vulnerability scanner reports that a critical Apache Struts remote code execution flaw (CVE-2017-5638) is present on a production web server. Before the analyst escalates the finding to the patching team, the server owner insists the application was migrated to a Java Spring framework months ago and no longer uses Struts. Which action should the analyst take FIRST to determine whether this is a false positive?
A DevOps team deploys cloud infrastructure using Terraform templates through a CI/CD pipeline. The security team discovers that several production S3 buckets were provisioned with public read access and unencrypted storage, and that these same misconfigurations keep reappearing after being manually fixed. Which approach would MOST effectively prevent these vulnerabilities from reaching production in the future?
A CySA+ analyst reviews recurring scan results and notices that several hardened servers, which passed a compliance baseline check three months ago, are now failing multiple configuration and missing-patch checks. Change records show no approved modifications to these systems during that period. Which recommendation BEST addresses the underlying cause the analyst has identified?
A retail organization's monthly vulnerability scan flags several findings across its environment. The security manager must decide which to remediate first. The affected systems include: (1) an internal HR workstation with a medium-severity local privilege escalation flaw, (2) a public-facing e-commerce web server in the cardholder data environment (CDE) with a medium-severity TLS misconfiguration, (3) a development server with a critical remote code execution flaw that is isolated on an air-gapped test network, and (4) a marketing kiosk with a low-severity outdated browser plugin. Which finding should be remediated first?
A CySA+ analyst runs a software composition analysis (SCA) scan against a Node.js application build. The report flags a critical remote code execution vulnerability in a logging library. Investigation shows the development team never directly imported this library; it was pulled in automatically by a charting package listed in package.json. The charting package itself has no fix that removes the vulnerable dependency. What is the MOST appropriate first action for the analyst to recommend?
A developer builds a web-based network diagnostics tool that lets support staff enter a hostname, which the application passes to the operating system's ping utility. During a security review, an analyst confirms that entering '8.8.8.8; cat /etc/passwd' returns the contents of the password file. Which secure coding practice would MOST directly prevent this class of vulnerability?
A vulnerability scan of a company's customer feedback portal reports a stored cross-site scripting (XSS) vulnerability. Analysts confirm that user-submitted comments are saved to a database and later rendered directly into the HTML of an administrative review page without any transformation. Which secure coding control most directly remediates this vulnerability?
A vulnerability scan of a customer-facing web application flags a critical SQL injection vulnerability in a login form. The development team confirms the finding is valid: the application concatenates user-supplied credentials directly into dynamic SQL statements. As the security analyst, which secure coding control should you recommend the developers implement to most effectively eliminate this class of vulnerability?
A CySA+ analyst reviews the weekly scan results and must recommend which vulnerability to remediate first. The organization has limited maintenance windows this week. The four findings below all have valid CVSS base scores. Which vulnerability should be prioritized for immediate remediation based on business context and exploitability?
A security analyst is triaging a vulnerability scan report containing over 400 findings across the enterprise. Management wants remediation effort focused first on vulnerabilities that pose the greatest real-world risk. Several findings have high CVSS base scores but no known public exploit, while a few findings with moderate CVSS scores appear on the CISA Known Exploited Vulnerabilities (KEV) catalog. Which approach should the analyst recommend to prioritize the initial remediation wave?
A vulnerability analyst reviews the latest scan results and must decide which finding to escalate first. Four vulnerabilities were identified, all with a CVSS base score of 7.5. Business context: the organization stores customer payment data on an internal database server. Which finding should the analyst prioritize for immediate remediation based on threat context and asset exposure?
A vulnerability analyst has identified a critical CVE affecting the company's customer-facing ERP application. The vendor has released a patch. Before deploying the patch to the production environment, the change advisory board requires the analyst to reduce the risk of the patch causing an outage or breaking application functionality. Which action should the analyst recommend FIRST to address this concern?
A critical vulnerability with an active exploit in the wild is discovered on a customer-facing payment application. The security team has a validated vendor patch ready to deploy. Organizational policy requires all production changes to pass through the weekly Change Advisory Board (CAB) meeting, which is five days away. What is the MOST appropriate action for the vulnerability manager to take?
More CS0-003 practice
Keep going with the other CompTIA CySA+ (CS0-003) domains, or take a full timed mock exam.
← Back to CS0-003 overview