CASP+ Exam: Reviewing Zero-Day Vulnerabilities | CompTIA

Reviewing Zero-Day Vulnerabilities

Question

A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data.

The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization's exposure to that risk.

Which of the following should the new security administrator review to gain more information? (Choose three.)

Answers

Explanations


A. B. C. D. E. F. G.

ACG.

A new security administrator should review several resources to gain more information about the zero-day vulnerability and exploit for specific application servers. The following are the most relevant options:

A. CVE database: CVE (Common Vulnerabilities and Exposures) is a publicly available list of standardized identifiers for cybersecurity vulnerabilities and exposures. Reviewing the CVE database can provide the security administrator with details about the vulnerability and its severity, along with links to any available patches or mitigation techniques.

C. Security vendor pages: Many security vendors maintain pages dedicated to providing information on the latest security threats, including zero-day vulnerabilities. These pages can provide valuable insights into the nature of the threat, as well as recommended actions to mitigate the risk.

D. Known vendor threat models: Some vendors publish threat models specific to their products, which can provide in-depth information about the vulnerability and recommended mitigation strategies. These models can help the security administrator to develop a more comprehensive understanding of the threat and its potential impact on the organization.

Other options such as B, E, F, G, and H are less relevant to this specific situation. Recent security industry conferences may be a source of information, but they are unlikely to provide timely and specific details about the zero-day vulnerability and exploit. Secure routing metrics and NetFlow analytics are network monitoring tools and are not directly related to the specific application server vulnerability. The server's vendor documentation may contain information about the vulnerability, but it is unlikely to be as comprehensive or up to date as the other options listed above.

In summary, the new security administrator should review the CVE database, security vendor pages, and known vendor threat models to gain more information about the zero-day vulnerability and exploit for specific application servers.