
SY0-501 Question #381: Real Exam Question with Answer & Explanation

The correct answer is B: Apply organizational context to the risk rating. Upon discovering a critical vulnerability from an internal scan, the security analyst's first action should be to apply organizational context to the risk rating before initiating other responses.

Submitted by sofia.br · Mar 4, 2026

Question

A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan reports include the following critical-rated vulnerability:

  • Title: Remote Command Execution vulnerability in web server
  • Rating: Critical (CVSS 10.0)
  • Threat actor: any remote user of the web server
  • Confidence: certain
  • Recommendation: apply vendor patches

Which of the following actions should the security analyst perform FIRST?

Options

  • A. Escalate the issue to senior management.
  • B. Apply organizational context to the risk rating.
  • C. Organize for urgent out-of-cycle patching.
  • D. Exploit the server to check whether it is a false positive.

Explanation

Upon discovering a critical vulnerability from an internal scan, the security analyst's first action should be to apply organizational context to the risk rating before initiating other responses. The CVSS 10.0 base score describes the vulnerability in isolation; the analyst must first weigh factors the scanner cannot see, such as the server's exposure (the scan targeted intranet services), the data and business processes it supports, and any compensating controls already in place, before deciding how urgently to escalate or patch.

Common mistakes

  • A. Escalating the issue to senior management immediately, without first understanding the specific organizational impact and context, is premature and could cause undue alarm or be misinformed.
  • C. Organizing for urgent out-of-cycle patching without first understanding the specific organizational impact, risk, and priority could lead to misallocated resources or unnecessary disruption.
  • D. Exploiting a production server to verify a vulnerability is a highly risky action that could cause service disruption or data loss, and should only be performed in controlled environments and with proper authorization.

Concept tested. Vulnerability management: risk contextualization and prioritization.

Reference. https://learn.microsoft.com/en-us/training/modules/develop-vulnerability-management-strategy/4-assess-risk
