A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:
Security Policy 1006: Vulnerability Management
1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.
2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.
3. The Company shall prioritize patching of publicly available systems and services over patching of internally available system.
According to the security policy, which of the following vulnerabilities should be the highest priority to patch?

A. Name: THOR.HAMMER -CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HInternal System

B. Name: CAP.SHIELD -CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExternal System

C. Name: LOKI.DAGGER -CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExternal System

D. Name: THANOS.GAUNTLET -CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NInternal System








 

Suggested Answer: B

Community Answer: B



This question is in CS0-003 CompTIA Cybersecurity Analyst (CySA+) Exam
For getting CompTIA Cybersecurity Analyst (CySA+) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.