Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam

Exam CS0-003 topic 1 question 8 discussion

Actual exam question from CompTIA's CS0-003

Question #: 8
Topic #: 1

A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:
Security Policy 1006: Vulnerability Management
1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.
2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.
3. The Company shall prioritize patching of publicly available systems and services over patching of internally available system.
According to the security policy, which of the following vulnerabilities should be the highest priority to patch?

A. Name: THOR.HAMMER -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Internal System
B. Name: CAP.SHIELD -
CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
External System
C. Name: LOKI.DAGGER -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
External System
D. Name: THANOS.GAUNTLET -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Internal System

Show Suggested Answer

Suggested Answer: B 🗳️

by kmordalv at July 24, 2023, 9:33 a.m.

Comments

Submit Cancel

kmordalv

Highly Voted 1 year, 9 months ago

Selected Answer: B

Based on the security policy and the CVSSv3.1 Base Scores, vulnerability B (CAP.SHIELD) with a high impact on confidentiality should be the highest priority to patch. It is an externally accessible system, and since confidentiality takes precedence over availability, it should be addressed before other vulnerabilities.

upvoted 11 times

...

maggie22

Highly Voted 5 months, 4 weeks ago

This was on my exam yesterday but the questions and names had change.

upvoted 5 times

...

CyberMom

Most Recent 2 months, 2 weeks ago

Selected Answer: B

external facing system is a priority and confidentiality is high, with no availability.

upvoted 1 times

...

Lilik

8 months, 2 weeks ago

B. in correct. here is the calculator with all the elements and extrenal elements has priority over internal in this example

upvoted 1 times

...

kazanrani

8 months, 2 weeks ago

B and D are the exact same thing😂

upvoted 2 times

voiddraco

8 months, 2 weeks ago

B is External facing and D is Internal facing.

upvoted 8 times

...

zee_Riddle

9 months, 1 week ago

Selected Answer: B

Answer is B based on the policy.

upvoted 1 times

...

BanesTech

1 year ago

Selected Answer: B

Based on the security policy's criteria, vulnerabilities B (CAP.SHIELD) and D (THANOS.GAUNTLET) have the highest priority in patching because they have the highest impact on confidentiality, which takes precedence over availability. B. CAP.SHIELD - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (External System) Exploitability: Low Impact: High (Confidentiality) Patching Priority: Highest D. THANOS.GAUNTLET - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (Internal System) Exploitability: Low Impact: High (Confidentiality) Patching Priority: Highest According to the policy, external systems should be prioritized over internal systems. Therefore, vulnerability B should be addressed first.

upvoted 1 times

BAMMRM

10 months ago

Yes. However, D shouldn't even be considered at this point because it is an INTERNAL system which does not take priority over an external facing one. So it is between B and C. When you look at option B, however, you see: /C:H which means the impact on confidentiality is high. Thus, B is your answer.

upvoted 1 times

...

user82

1 year, 2 months ago

Both B and D have the exact same CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N How do ya'll who chose B know for sure Cap.Shield is external and Thanos.Gauntlet is not ?

upvoted 2 times

user82

1 year, 2 months ago

Nevermind, it won't let me delete my comment. It says external the bottom.

upvoted 3 times

...

RobV

1 year, 4 months ago

Selected Answer: B

Answer is B

upvoted 1 times

...

Uncle_Lucifer

1 year, 7 months ago

Selected Answer: B

B. Answer came down to B vs D in C and I preference, but the third criteria puts more preference for external system over internal - therefore B.

upvoted 1 times

...

ms123451

1 year, 7 months ago

Selected Answer: B

According to policy, obviously B

upvoted 3 times

...

nmap_king_22

1 year, 7 months ago

Selected Answer: C

In the Common Vulnerability Scoring System (CVSS), "A:N" stands for "Availability: None." CAPS SHIELD is A:N According to the provided security policy, the highest priority for patching should be given to vulnerabilities that prioritize confidentiality of data over availability of systems and data. If there is a choice between these two factors, confidentiality takes precedence. Additionally, publicly available systems and services should be prioritized over internally available systems. Given these criteria, the vulnerability with the highest priority to patch is: C. Name: LOKI.DAGGER - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H External System

upvoted 2 times

kmordalv

1 year, 7 months ago

Are you sure? As stated in point 2 "In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data"... This means that confidentiality should be given higher priority than availability. Since confidentiality in answer B is H and in answer C is N (none), the correct answer should be B.

upvoted 5 times

...

Uncle_Lucifer

1 year, 7 months ago

NO. Its either B or D. In this case since its external system preference over internal, then B is correct

upvoted 2 times

...

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam

Exam CS0-003 topic 1 question 8 discussion

Comments

kmordalv

maggie22

CyberMom

Lilik

kazanrani

voiddraco

zee_Riddle

BanesTech

BAMMRM

user82

user82

RobV

Uncle_Lucifer

ms123451

nmap_king_22

kmordalv

Uncle_Lucifer

SY0-701