ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-001 All Questions

View all questions & answers for the CS0-001 exam
Go to Exam

Exam CS0-001 topic 1 question 31 discussion

Actual exam question from CompTIA's CS0-001
Question #: 31
Topic #: 1
[All CS0-001 Questions]

A system administrator recently deployed and verified the installation of a critical patch issued by the company's primary OS vendor. This patch was supposed to remedy a vulnerability that would allow an adversary to remotely execute code from over the network. However, the administrator just ran a vulnerability assessment of networked systems, and each of them still reported having the same vulnerability. Which of the following is the MOST likely explanation for this?

  • A. The administrator entered the wrong IP range for the assessment.
  • B. The administrator did not wait long enough after applying the patch to run the assessment.
  • C. The patch did not remediate the vulnerability.
  • D. The vulnerability assessment returned false positives.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by s3curity at Nov. 20, 2019, 10:33 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
XAmbivert
Highly Voted 5 years, 1 month ago
The answer is C. The remediation of a security vuln not only involves patching, but also other related tasks such as configuration changes and the like. Tripwire has an excellent take on this: https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-management-patch-management/
upvoted 5 times
s3curity1
4 years, 11 months ago
Re-reading the question, I think this is C also. The patch was supposed to remedy a vulnerability, so either this was an error on the vendor's part (thorough testing was not performed before the patch is fixed), or that there are other tasks needed to patch the vulnerability but was not performed.
upvoted 3 times
...
...
Jeend
Most Recent 2 years, 4 months ago
Patch not remediate Vulnerability
upvoted 1 times
...
Acrisius
4 years, 5 months ago
I agree with those who chose C. Keep an eye out for wording in the questions. It says "Supposed to remedy". Totally get the False positives, It was the first one that drew my eye.
upvoted 2 times
...
festusoriaku7
4 years, 8 months ago
The answer is C
upvoted 3 times
...
Blind_Hatred
4 years, 10 months ago
I think the answer is indeed C. Read this article: https://securityintelligence.com/posts/why-fixing-security-vulnerabilities-is-not-that-simple/
upvoted 4 times
...
Konrad007
5 years, 2 months ago
I agree with s3security as he recently ran a vulnerability scan. Practice test book have similar question and answer was False Positive.
upvoted 2 times
...
s3curity
5 years, 5 months ago
Is this really C? Answer could also be D since it might be a false positive since they have already deployed the patch from their vendor.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago