CS0-003 · Question #656
CS0-003 Question #656: Real Exam Question with Answer & Explanation
The correct answer is D: Patch Vulnerability 2 because it is easier to exploit, has a high impact on availability, and it is. Vulnerability 2 can be exploited remotely with low attack complexity and no user interaction, and it has a high impact on availability, which makes it more immediately disruptive to a critical router and a higher operational risk during this maintenance window.
Question
A security analyst is analyzing two vulnerabilities on a critical router. The analyst must choose only one to patch during this maintenance window. Given the following information: Vulnerability 1 has not received a CVSS score. The vulnerability has the following characteristics: - Must be logged in to the router, but elevated privileges are not required - Trivial to exploit, but user interaction is needed - Low impact to availability, but high impact to confidentiality and integrity Vulnerability 2 has a CVSS score of AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H Which of the following conclusions should the analyst reach?
Options
- APatch Vulnerability 1 because it has a higher overall impact when looking at confidentiality,
- BPatch Vulnerability 1 because it is easier to exploit and has a higher impact on confidentiality.
- CPatch Vulnerability 2 because it has a higher overall impact when looking at confidentiality,
- DPatch Vulnerability 2 because it is easier to exploit, has a high impact on availability, and it is
Explanation
Vulnerability 2 can be exploited remotely with low attack complexity and no user interaction, and it has a high impact on availability, which makes it more immediately disruptive to a critical router and a higher operational risk during this maintenance window.
Topics
Community Discussion
No community discussion yet for this question.