CompTIA SecurityX (CAS-005) — Question 169
An organization wants to create a threat model to identify vulnerabilities in its infrastructure. Which of the following should be prioritized first?
Answer options
- A. External-facing infrastructure with known exploited vulnerabilities
- B. Internal infrastructure with high-severity and known exploited vulnerabilities
- C. External-facing infrastructure with a low risk score and no known exploited vulnerabilities
- D. External-facing infrastructure with a high risk score that can only be exploited with local access to the resource
Correct answer: A
Explanation
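The correct answer is A: external-facing infrastructure with known exploited vulnerabilities is both reachable from outside the organization and affected by flaws that attackers are already exploiting, so it poses the highest risk and should be addressed first to prevent potential breaches. Option B concerns internal systems, option C has a low risk score and no known exploited vulnerabilities, and option D can only be exploited with local access to the resource, so none of them presents as immediate a threat as option A.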