CompTIA CySA+ (CS0-001) — Question 186

A company has monthly scheduled windows for patching servers and applying configuration changes. Out-of-window changes can be done, but they are discouraged unless absolutely necessary. The systems administrator is reviewing the weekly vulnerability scan report that was just released. Which of the following vulnerabilities should the administrator fix without waiting for the next scheduled change window?

Answer options

• A. The administrator should fix dns (53/tcp). BIND "˜NAMED' is an open-source DNS server from ISC.org. The BIND-based NAMED server (or DNS servers) allow remote users to query for version and type information.
• B. The administrator should fix smtp (25/tcp). The remote SMTP server is insufficiently protected against relaying. This means spammers might be able to use the company's mail server to send their emails to the world.
• C. The administrator should fix http (80/tcp). An information leak occurs on Apache web servers with the UserDir module enabled, allowing an attacker to enumerate accounts by requesting access to home directories and monitoring the response.
• D. The administrator should fix http (80/tcp). The "˜greeting.cgi' script is installed. This CGI has a well-known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon.
• E. The administrator should fix general/tcp. The remote host does not discard TCP SYN packets that have the FIN flag set. Depending on the kind of firewall a company is using, an attacker may use this flaw to bypass its rules.

Correct answer: B

Explanation

The correct answer is B, as the vulnerability in the SMTP server poses an immediate risk of being exploited by spammers, potentially jeopardizing the company's reputation and email integrity. While vulnerabilities in options A, C, D, and E are serious, they do not present the same level of immediate risk as the SMTP relaying flaw.