CompTIA CySA+ (CS0-001) — Question 211

An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?

Answer options

• A. Configure a script to automatically update the scanning tool.
• B. Manually validate that the existing update is being performed.
• C. Test vulnerability remediation in a sandbox before deploying.
• D. Configure vulnerability scans to run in credentialed mode.

Correct answer: A

Explanation

The correct answer is A because automating the update process ensures that the vulnerability scanner is always equipped with the latest signatures, preventing human error or oversight. Option B relies on manual checks, which can be prone to mistakes and may not be timely. Option C, while useful for testing, does not address the immediate need for up-to-date signatures, and D does not solve the underlying issue of the scanner's outdated signature database.