CompTIA CySA+ (CS0-001) — Question 40

A threat intelligence feed has posted an alert stating there is a critical vulnerability in the kernel. Unfortunately, the company's asset inventory is not current. Which of the following techniques would a cybersecurity analyst perform to find all affected servers within an organization?

Answer options

• A. A manual log review from data sent to syslog
• B. An OS fingerprinting scan across all hosts
• C. A packet capture of data traversing the server network
• D. A service discovery scan on the network

Correct answer: B

Explanation

The correct answer is B, as OS fingerprinting scans allow for the identification of operating systems running on devices, helping to find all servers affected by the vulnerability. Option A, a manual log review, may not provide complete visibility into all affected systems. Option C, a packet capture, captures traffic but does not directly identify the operating systems or vulnerabilities. Option D, a service discovery scan, identifies services but may not accurately reveal the OS or its vulnerabilities.