Monthly Job Failure: Resolving Critical Findings Effectively

Install Approved Vendor Software Updates and Hot Fixes | CompTIA CySA+ Exam (CS0-002)

Question

A monthly job to install approved vendor software updates and hot fixes recently stopped working.

The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database.

Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

Answers

Explanations


AB.

The security team has identified several hosts with critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database. To resolve these critical findings in the most effective manner, the security team should take the following steps:

  1. Patch the required hosts with the correct updates and hot fixes, and rescan them for vulnerabilities: The first step should be to patch the required hosts with the correct updates and hot fixes. This will address the identified vulnerabilities and reduce the risk of a successful attack. Once the patching is complete, the security team should rescan the hosts for vulnerabilities to ensure that the patches have been applied successfully.

  2. Harden the hosts on the network, as recommended by the NIST framework: In addition to patching the hosts, the security team should also consider hardening the hosts on the network as recommended by the National Institute of Standards and Technology (NIST) framework. Hardening involves implementing security measures such as disabling unnecessary services, changing default passwords, and configuring firewalls. These measures will further reduce the risk of a successful attack and improve the overall security posture of the hosts.

Therefore, the correct answers to this question are A and E. Option B, to remove the servers reported to have high and medium vulnerabilities, is not the best solution because it may result in losing critical services, data, or applications. Option C, to tag the computers with critical findings as a business risk acceptance, is not recommended because it does not address the vulnerabilities and may result in a security breach. Option D, to manually patch the computers on the network as recommended on the CVE website, is time-consuming and may not be the most effective solution. Option F, to resolve the monthly job issues and test them before applying them to the production network, does not address the identified vulnerabilities and leaves the hosts exposed to an increased risk of a successful attack.
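As an added illustration, not part of the original question or explanation: the patch-then-rescan step above as a small remediation tracker in Python. The scan findings, patch job statuses and CVE identifiers below are constructed placeholders, not real scanner output.

```python
"""Track remediation of critical CVE findings: order hosts for patching and
confirm from the rescan which criticals actually closed.
All data here is constructed sample input; CVE ids are placeholders."""
from collections import defaultdict

# Constructed pre-patch scan findings: (host, cve_id, severity).
BEFORE = [
    ("web01", "CVE-0000-0001", "critical"),
    ("web01", "CVE-0000-0002", "medium"),
    ("db01", "CVE-0000-0001", "critical"),
    ("db01", "CVE-0000-0003", "high"),
    ("file01", "CVE-0000-0005", "critical"),
    ("app01", "CVE-0000-0004", "medium"),
]
# Constructed rescan: web01 fixed, db01 still vulnerable, file01 not rescanned.
AFTER = [
    ("web01", "CVE-0000-0002", "medium"),
    ("db01", "CVE-0000-0001", "critical"),
    ("app01", "CVE-0000-0004", "medium"),
]
# Constructed per-host result of the monthly update job.
PATCH_JOB = {"web01": "success", "db01": "failed", "file01": "success", "app01": "success"}

def hosts_by_severity(findings, severity):
    """Map each host to the set of CVE ids reported at the given severity."""
    out = defaultdict(set)
    for host, cve, sev in findings:
        if sev == severity:
            out[host].add(cve)
    return dict(out)

def remediation_queue(findings, patch_job):
    """Hosts with critical findings, hosts where the update job failed first:
    a failed job is the likeliest reason the fixes never landed."""
    crit = hosts_by_severity(findings, "critical")
    return sorted(crit, key=lambda h: (patch_job.get(h) == "success", h))

def verify_remediation(before, after):
    """Return (closed, still_open, unverified) sets of (host, cve) for criticals.
    A finding that disappeared counts as closed only if the host was actually
    rescanned; a host missing from the rescan is unverified, not fixed."""
    before_crit = {(h, c) for h, c, s in before if s == "critical"}
    after_crit = {(h, c) for h, c, s in after if s == "critical"}
    rescanned = {h for h, _, _ in after}
    gone = before_crit - after_crit
    closed = {(h, c) for h, c in gone if h in rescanned}
    return closed, after_crit, gone - closed

if __name__ == "__main__":
    print("patch order:", remediation_queue(BEFORE, PATCH_JOB))
    closed, still_open, unverified = verify_remediation(BEFORE, AFTER)
    print("closed:", sorted(closed), "open:", sorted(still_open), "unverified:", sorted(unverified))
```

The unverified bucket is the check that matters after a broken patch job: a host that dropped out of the rescan has not proven anything, so it stays on the list until it is scanned again.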