Exam SY0-501 topic 1 question 123 discussion

Actual exam question from CompTIA's SY0-501
Question #: 123
Topic #: 1

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?

  • A. The finding is a false positive and can be disregarded
  • B. The Struts module needs to be hardened on the server
  • C. The Apache software on the server needs to be patched and updated
  • D. The server has been compromised by malware and needs to be quarantined.
Suggested Answer: A

Comments

Rockadocious
Highly Voted 5 years, 5 months ago
Answer is A. It was a vulnerability scan. The server was flagged for being vulnerable TO an Apache Struts exploit. The developer that was responsible for THAT server informs Security it is NOT installed. The vulnerability is not there. The scan was a false positive (meaning it detected something that really wasn't there).
upvoted 11 times
...
who__cares123456789___
Highly Voted 3 years, 11 months ago
What EVER you do, do not listen to day95! In fact, I would put an implicit DENY on all his/her opinions... wth does he mean "initial server doesn't have apache"? The damn developer said it don't have the "STRUTS" module...JEEZ
upvoted 8 times
kekmaster
3 years, 9 months ago
LOL! these discussions are top tier info and comedy, gotta love it
upvoted 2 times
...
...
vaxakaw829
Most Recent 4 years, 4 months ago
Unfortunately, vulnerability scanners aren’t perfect. Occasionally, they report a vulnerability when it doesn’t actually exist. In other words, the scan indicates a system has a known vulnerability, but the report is false. As an example, a vulnerability scan on a server might report that the server is missing patches related to a database application, but the server doesn’t have a database application installed (Darril Gibson’s Get Certified Get Ahead p. 574).
upvoted 1 times
...
GJEF
4 years, 5 months ago
We have to first question the vulnerability scan that was done, then verify if Apache was truly installed or not then before we decide to quarantine. In a real-life scenario, this would have been the case. Option A is not a good step to take at all and option D alike. So in a sense, for best practice regarding security intelligence, eliminating all options presented, I'd go for option D with caution 'cos you don't neglect a security issue.
upvoted 2 times
...
Basem
5 years, 4 months ago
It is a false positive as vulnerability scans can cause many false positives as per the "get certified get ahead". You can use credentialed scans to reduce false positives.
upvoted 2 times
...
tizttech
5 years, 5 months ago
Answer is D. If you're sure that on the server Apache is not installed, and with a scan you find "Apache is not updated" well... that's a problem.
upvoted 1 times
...
mad
5 years, 6 months ago
Agree that answer is A. An exploit is moot if the designated target does not have any means for the potential exploit to function in the first place, and would be a waste of time and resources to address a potential threat if the threat has no means to take advantage of required vulnerability.
upvoted 2 times
...
day95
5 years, 6 months ago
The answer is not A, it is D because initially the server did not have Apache, so malware infected the server and is referencing Apache somehow. If the server did have Apache initially, it would be a false positive if an analyst went deeper into the problem and found nothing.
upvoted 5 times
Jasonbelt
4 years, 5 months ago
Why would you dig deeper into a problem that doesn't exist?
upvoted 9 times
...
...
bob99
5 years, 6 months ago
The answer is A false positive
upvoted 5 times
...