A security analyst is reviewing the following vulnerability assessment report: Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?
Proof of Concept - Bloodhound anyone?
Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but I am doing my due diligence.)
Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?
Server1
NOT an Internet facing IP address
Server2
CVSS score 6.5
[x] Internet facing IP address
No known exploit (the exploit is only a proof-of-concept (POC) meaning that there is not yet a confirmed and publicly available method to exploit the vulnerability reliably)
Server3 [CORRECT ANSWER]
CVSS score 5.5
[x] Internet facing IP address
[x] known exploit (indicating that there is a confirmed method available to exploit the vulnerability)
Server4
NOT an Internet facing IP address
Priority Order:
Server1 (high, internet-facing web server with a confirmed exploit)
Server2 (high, DNS potentially Internet-facing, proof-of-concept exploit)
Server3 (moderate, confirmed exploit but lower exposure and CVSS score)
Server4 (critical, no exploit available, internal system)
info:
https://www.techtarget.com/searchsecurity/definition/proof-of-concept-PoC-exploit
Server3 has a CVSS score of 5.5, is remotely executable, and has an available exploit. While Server3 is indeed an Internet-facing host (207.1.5.7), its CVSS score and the lack of a proof-of-concept exploit make it a lower priority compared to Server2. The higher score and available exploit for Server2 outweigh the concerns for Server3 in this scenario.
Choice is between B and C only, due to the IP being external. Then, you need to assess if the exploit is known and active in the wild, which means it's Server 3, as Server 2 only has a Proof of Concept exploit.
If both were Yes or POC, you would go with the higher CVSS score, but not when one is a zero day (essentially) and the other is not.
B is currently only listed as a proof of concept which indicates it isn't being actively exploited in the wild. Analysts have just shown that exploitation may be technically possible but no useful exploit has been developed or is being used for it. Patch C first as it is internet facing and active exploits are in the wild.
Though the severity score for Server2 is higher, it only has a Proof of Concept exploit, whereas Server3 has an actual known exploit available. It's a close call between Server2 and Server3 due to the available exploits and severity scores. However, since actual exploits (not just POCs) have a higher likelihood of being used in the wild, the most prudent choice would be:
Answer: C. Server3.
I'm going C. Server 1 and Server 4 are not "Internet-Facing Hosts", and the second part of the question is "patched first"... well, Server 2 only has a PoC; it wouldn't have a patch available until the PoC has been verified.
I'm going with C. Server 1 and 2, while having higher CVSS have private IPs. Server 2 has a higher CVSS than 3, but the exploit is only POC, proof of concept. A POC is a demonstration of the feasibility of an exploit. Exploit = yes means there is a known exploit. So that means Server 3 is the highest priority internet facing server.
I will go against everyone else and choose C; here's why:
In a vulnerability assessment report, the "exploit" field is used to indicate whether or not a particular vulnerability can be exploited, or used to attack the system. The "Yes" value in this field indicates that the vulnerability can be exploited, while the "POC" (Proof of Concept) value indicates that a proof of concept for exploiting the vulnerability has been developed, but it is not known if the vulnerability can actually be exploited in a real-world attack.
So the correct remediation priorities should be:
1) Server2
2) Server3
3) Server1
4) Server4
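The rule the thread keeps arriving at (restrict to Internet-facing hosts, then rank by exploit maturity, then use CVSS only as a tie-breaker) can be written down so it is applied the same way every time. The following is an added example, not code from the page or from any scanner vendor; the report rows are constructed from the values quoted above (Server2 6.5/POC, Server3 5.5/Yes, 207.1.5.7), and the Server1/Server4 CVSS scores and the private addresses are made-up placeholders. The exposure cross-check using Python's ipaddress module is an assumption about how you would validate the report's "Internet facing" column, not something the page describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Exploit maturity as reported in the "Exploit" column, ranked worst-first:
# a working public exploit beats a proof of concept, which beats none.
EXPLOIT_RANK = {"yes": 2, "poc": 1, "no": 0}


@dataclass(frozen=True)
class Finding:
    host: str
    cvss: float
    internet_facing: bool      # the report's "Internet facing IP address" column
    exploit: str               # "yes" (working exploit), "poc", or "no"
    ip: Optional[str] = None   # address, when the report lists one


def exposure_mismatch(f: Finding) -> bool:
    """Flag rows whose 'internet facing' column disagrees with the address.

    An RFC 1918 / loopback / link-local address cannot be directly reachable
    from the Internet, so 'internet_facing=True' on such a row is a data
    error; a globally routable address marked 'not internet facing' is worth
    a second look too (it may only be shielded by an upstream firewall).
    """
    if f.ip is None:
        return False
    return f.internet_facing != ipaddress.ip_address(f.ip).is_global


def priority_key(f: Finding):
    # Exposure first, then exploit maturity, then CVSS as the tie-breaker.
    return (f.internet_facing, EXPLOIT_RANK[f.exploit.lower()], f.cvss)


def prioritize(findings: List[Finding], internet_facing_only: bool = False) -> List[Finding]:
    """Return findings in patch order, highest priority first."""
    pool = [f for f in findings if f.internet_facing or not internet_facing_only]
    return sorted(pool, key=priority_key, reverse=True)


def patch_first(findings: List[Finding]) -> str:
    """The exam question: which Internet-facing host gets patched first."""
    ranked = prioritize(findings, internet_facing_only=True)
    if not ranked:
        raise ValueError("no Internet-facing findings in report")
    return ranked[0].host


# Constructed sample report. Server2 and Server3 carry the values quoted in the
# thread; Server1 and Server4 CVSS scores and every address other than
# 207.1.5.7 are placeholders invented for this example.
REPORT = [
    Finding("Server1", 8.1, False, "yes", ip="10.0.0.5"),
    Finding("Server2", 6.5, True, "poc"),
    Finding("Server3", 5.5, True, "yes", ip="207.1.5.7"),
    Finding("Server4", 9.8, False, "no", ip="192.168.1.9"),
]

if __name__ == "__main__":
    for f in prioritize(REPORT):
        flag = "  <-- exposure column disagrees with address" if exposure_mismatch(f) else ""
        print(f"{f.host}: cvss={f.cvss} internet_facing={f.internet_facing} "
              f"exploit={f.exploit}{flag}")
    print("Patch first:", patch_first(REPORT))
```

Run as-is it ranks Server3 ahead of Server2 despite the lower score, then the internal hosts; in a real programme the "exploit" column would be fed from a live source such as the CISA Known Exploited Vulnerabilities catalogue rather than a static report field, and the cross-check catches reports where a private address has been mislabelled as Internet-facing.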
Community vote distribution: A (35%), C (25%), B (20%), other.