Vulnerability Management Questions
Practice questions for Vulnerability Management topic in CompTIA CySA+. 27 questions covering this domain.
A penetration test report identifies that the organization's web application is vulnerable to insecure deserialization. The development team asks the ...
A security team is scheduling vulnerability remediation and must patch a critical vulnerability on a production database server. Which vulnerability r...
What does CVSS stand for, and what is its primary purpose?
An analyst is reviewing the output of a web application scanner and finds a reflected cross-site scripting (XSS) vulnerability. Which mitigation contr...
A vulnerability scanner reports a critical CVE on a server, but the organization's security team determines the vulnerable component is not reachable ...
Which type of vulnerability scanning is performed without deploying an agent on the target system?
A zero-day vulnerability is discovered in a widely used VPN appliance actively being exploited in the wild. No patch is available. Which response acti...
What is the difference between credentialed and non-credentialed vulnerability scanning?
A security analyst is reviewing assessment tool output from a Nessus scan of a DMZ segment. The report shows a critical finding titled 'SSL/TLS Use of...
During a cloud infrastructure assessment, a security analyst discovers an AWS S3 bucket configured with public read access containing sensitive custom...
Which factor should be given the highest weight when prioritizing vulnerability remediation across a large asset inventory?
An analyst receives a web application scanner report showing a SQL injection vulnerability. Which mitigation should be recommended?
An organization has 500 open vulnerabilities. The security team has limited resources and must prioritize remediation. A CVSS 7.2 vulnerability exists...
Which type of vulnerability scan would be most appropriate for discovering vulnerabilities in a web application's business logic?
An organization wants to perform vulnerability scanning of its cloud-hosted workloads in AWS. Which scanning approach provides the most comprehensive ...
A newly released CVE has a CVSS base score of 6.5 but CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploi...
During a vulnerability assessment of a critical infrastructure environment (ICS/OT), the security team proposes running an active credentialed vulnera...
During a routine vulnerability scan, an analyst discovers that several workstations are running an end-of-life (EOL) operating system that no longer r...
What does a CVSS base score of 9.8 indicate about a vulnerability?
A security analyst is reviewing a vulnerability scan report and notices a finding marked as 'potential' rather than confirmed. What should the analyst...
Sign in to see all 27 questions
Create a free account to browse all questions — completely free during our launch phase.