🔥 3-day streak
CompTIA Security+ (SY0-701)68 / 77
Question 68 of 77

A security analyst receives a vulnerability scan report indicating that a web server is running an outdated version of Apache with a critical remote code execution vulnerability (CVE-2021-41773). Upon investigation, the analyst confirms that the server is running Apache 2.4.51, but the organization applied a vendor-supplied security patch that specifically addresses this CVE without upgrading the version number. What should the analyst classify this finding as during the analysis phase?

Reviewed for accuracy · Report an issueNext question →