SY0-501 Question #246: Real Exam Question with Answer & Explanation
The correct answer is B: Server101.
Question
Audit logs from a small company's vulnerability scanning software show the following findings:
Destinations scanned:
- Server001: Internal human resources payroll server
- Server101: Internet-facing web server
- Server201: SQL server for Server101
- Server301: Jumpbox used by systems administrators accessible from the internal network
Validated vulnerabilities found:
- Server001: Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server101: Vulnerable to buffer overflow exploit that may allow attackers to install software
- Server201: OS updates not fully current
- Server301: Accessible from internal network without the use of jumpbox
- Server301: Vulnerable to highly publicized exploit that can elevate user privileges
Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?
Options
- A. Server001
- B. Server101
- C. Server201
- D. Server301
Explanation
Server101, an internet-facing web server, poses the most immediate risk because its buffer overflow vulnerability allows external attackers to gain initial unauthorized access and install software, aligning with the highest concern of external compromise.
Common mistakes.
- A. Server001 is an internal payroll server, meaning external attackers would first need to compromise an external-facing system before being able to exploit vulnerabilities on Server001.
- C. Server201 has outdated OS updates, which is a vulnerability, but it is not directly internet-facing and does not present as immediate an initial access vector for external attackers as a buffer overflow on a perimeter server.
- D. Server301's vulnerabilities (accessible without jumpbox, privilege escalation) are significant but primarily exploited after an attacker has already gained internal network access, rather than being the initial entry point for external attackers.
Concept tested. Prioritizing vulnerability remediation based on external exposure
Reference. https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-security-recommendations