Cisco


350-201(NEW-127Q) Question #86: Real Exam Question with Answer & Explanation

The correct answer is C. Concentrate on correcting file server permissions, updating web server software, and remediating SSL/TLS configurations.

Security Assessment and Vulnerability Management

Question

Refer to the exhibit.

  • Vulnerability 1: Outdated web server software
  • Vulnerability 2: Insecure SSL/TLS configurations
  • Vulnerability 3: Unpatched database management system
  • Vulnerability 4: Inadequate password policies
  • Vulnerability 5: Misconfigured file server permissions

A security analyst is reviewing a vulnerability assessment report for an organization and must recommend general mitigation steps to address the identified issues. The organization's environment consists of web applications, databases, and file servers. Based on the vulnerabilities in the exhibit, which action should the security analyst take first to mitigate the highest risks?

Options

  • A. Focus on updating the web server software, patching the database management system, and correcting file server permissions.
  • B. Implement a Web Application Firewall, deploy an Intrusion Detection System, and establish a Security Operations Center.
  • C. Concentrate on correcting file server permissions, updating web server software, and remediating SSL/TLS configurations.
  • D. Prioritize remediation of SSL/TLS configurations, enforcement of strong password policies, and implementation of network segmentation.

Explanation

Option C correctly prioritizes the three vulnerabilities with the most immediate, technically exploitable risk: misconfigured file server permissions (direct unauthorized data access), outdated web server software (known CVEs on an internet-facing system), and insecure SSL/TLS configurations (live exposure of data in transit). These are concrete, remediable misconfigurations that an attacker can exploit right now without prerequisites.

Option A is close but wrong - it swaps SSL/TLS remediation (Vulnerability 2, high exploitability) for database patching (Vulnerability 3), deprioritizing an actively exposed encryption weakness in favor of a less immediately reachable internal system.

Option B is a distractor for test takers who confuse adding new security tools (WAF, IDS, SOC) with fixing existing vulnerabilities - these are compensating controls, not remediations, and don't address any of the five listed issues directly.

Option D mixes a valid priority (SSL/TLS) with a lower-severity item (password policies require behavioral change and have slower ROI) and introduces network segmentation, which isn't even in the vulnerability list - it's creating new scope instead of remediating identified gaps.

Memory tip: Think "Fix what's broken before buying what's new." If you see an answer offering new infrastructure (WAF, IDS, SOC) when specific vulnerabilities are listed, eliminate it - the exam expects you to remediate identified issues first, not add compensating controls.

Topics

#Vulnerability Assessment #Risk Prioritization #Remediation Strategy #Access Control
