CompTIA CySA+ (CS0-001) — Question 203
A suite of three production servers that were originally configured identically underwent the same vulnerability scans. However, recent results revealed the three servers have different critical vulnerabilities. The servers are not accessible by the Internet, and AV programs have not detected any malware. The servers' syslog files do not show any unusual traffic since they were installed and are physically isolated in an off-site datacenter. Checksum testing of random executables does not reveal tampering. Which of the following scenarios is MOST likely?
Answer options
- A. Servers have not been scanned with the latest vulnerability signature
- B. Servers have been attacked by outsiders using zero-day vulnerabilities
- C. Servers were made by different manufacturers
- D. Servers have received different levels of attention during previous patch management events
Correct answer: D
Explanation
The correct answer is D because the differences in critical vulnerabilities are most likely due to inconsistent patch management practices across the servers. Since they were initially configured the same and are isolated from external threats, uneven attention during previous patch management events could lead to the observed discrepancies. The other options are less plausible given the servers' isolation and the lack of malware detection.