Exam SY0-601 topic 1 question 181 discussion

Dudes and dudettes, the question says "a patch is available for the vulnerability." So, answer A is the correct one.

A Zero day would not appear in historical scans, surely? how could a scan detect and record it before it was known.

A. Security patches were uninstalled due to user impact.

First of all if you're a security analyst and you willingly unpatch your system, then you should be fired. There's a difference between relaxing your security practices in order to minimize user impact, and purposely leaving your system vulnerable to attacks. The answer is D.

known vulnerability, still compromised = patches never installed or uninstalled

I really don't get how D got so little votes. It didn't mention ever being installed. It was available. It makes much more sense to think it showed up as a false negative.

The vulnerability was present in historical scan reports and a patch is available, but the server was still exploited, it suggests that the vulnerability was not properly identified in the recent scan report. This could be due to a false negative, where the scan incorrectly reported that the vulnerability was not present.

A. Security patches were uninstalled due to user impact. If the vulnerability was present in historical vulnerability scan reports, and a patch is available for the vulnerability, the removal or uninstallation of security patches is a common reason for the vulnerability to persist. This could be done to address user impact or compatibility issues, but it leaves the system exposed to known vulnerabilities. Regular patch management is crucial to address and mitigate known security vulnerabilities.

what you guys are voting on and saying is right is different from the vendor and vendor prep. Not sure how useful this site even is when you're all so wrong on so many questions

For me the most correct answer here is D.

A seems like the obvious choice on first reading but I'm going to go with D. My reason being is if someone uninstalled the security patches, then doing a new vulnerability scan report would show up the vulnerability again once the patch is uninstalled.

Answer: D. The scan reported a false negative for the vulnerability. Explanation: A false negative means that the vulnerability scan failed to detect the presence of the vulnerability. In this case, the historical vulnerability scan reports did indicate the presence of the vulnerability, and a patch is available for it. However, the latest scan report did not identify the vulnerability as a concern.

I had my exam today and passed with 800. This material was tremendously useful. Thanks, everyone.

Q (334) A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause? A. Security patches failed to install due to a version incompatibility. B. An adversary altered the vulnerability scan reports. [Most Voted] C. A zero-day vulnerability was used to exploit the web server. D. The scan reported a false negative for the vulnerability. [Most Voted] the correct answer is D on both questions! correct me if I am wrong

y'all are shooting over the target. This is a straight forward question and answer. The vuln was on a historic vuln report, they patched it but now it is showing up on the vuln report. The MOST likely cause for the vulnerability to remain unpatched is option A, "Security patches were uninstalled due to user impact." This suggests that the patch may have been installed at some point but later uninstalled because it caused issues with the system or applications, leaving the vulnerability exposed again.

Is it just me or do none of these answers make sense to the question? A. Security patches were uninstalled due to user impact. - The question has no indication of user impact which would indicate this as the answer B. An adversary altered the vulnerability scan reports - It's not realistic for an adversary to go through multiple vulnerability scans and alter the report to include a vulnerability and a patch C. A zero-day vulnerability was used to exploit the web server - It can't be a zero day because the question states it has shown up in multiple vulnerability scans and a patch is available. A zero day is unknown D. The scan reported a false negative for the vulnerability - As the vulnerability scan has reported results of a patch and a vulnerability that was used then it cannot be a false negative. I went with A because it's the one that makes the most sense out of the answers that make no sense to me. This question just forces you to assume in the scenario which I'm not a fan of.

The anser is D.