CompTIA CySA+ (CS0-001) — Question 68

A security analyst has just completed a vulnerability scan of servers that support a business critical application that is managed by an outside vendor. The results of the scan indicate the devices are missing critical patches. Which of the following factors can inhibit remediation of these vulnerabilities? (Choose two.)

Answer options

• A. Inappropriate data classifications
• B. SLAs with the supporting vendor
• C. Business process interruption
• D. Required sandbox testing
• E. Incomplete asset inventory

Correct answer: C, D

Explanation

Options C and D are correct because disruptions in business processes can prevent timely updates and necessary sandbox testing can delay the remediation process as it requires a controlled environment to ensure that patches do not negatively impact operations. Options A, B, and E do not directly inhibit the remediation process in the same way, as they relate to classifications, agreements, and asset tracking rather than immediate patch management challenges.