CompTIA CySA+ (CS0-001) — Question 195

Scan results identify critical Apache vulnerabilities on a company's web servers. A security analyst believes many of these results are false positives because the web environment mostly consists of Windows servers.
Which of the following is the BEST method of verifying the scan results?

Answer options

• A. Run a service discovery scan on the identified servers.
• B. Refer to the identified servers in the asset inventory.
• C. Perform a top-ports scan against the identified servers.
• D. Review logs of each host in the SIEM.

Correct answer: A

Explanation

Running a service discovery scan on the identified servers will help confirm whether Apache services are actually running on those systems, thus validating or refuting the scan results. Referring to the asset inventory may not provide real-time service information, and a top-ports scan or reviewing SIEM logs may not directly indicate the presence of Apache vulnerabilities.