CompTIA CySA+ (CS0-001) — Question 86

A security analyst is reviewing output from a CVE-based vulnerability scanner. Before conducting the scan, the analyst was careful to select only Windows-based servers in a specific datacenter. The scan revealed that the datacenter includes 27 machines running Windows 2003 Server Edition (Win2003SE). In 2015, there were 36 new vulnerabilities discovered in the Win2003SE environment. Which of the following statements are MOST likely applicable? (Choose two.)

Answer options

• A. Remediation is likely to require some form of compensating control.
• B. Microsoft's published schedule for updates and patches for Win2003SE have continued uninterrupted.
• C. Third-party vendors have addressed all of the necessary updates and patches required by Win2003SE.
• D. The resulting report on the vulnerability scan should include some reference that the scan of the datacenter included 27 Win2003SE machines that should be scheduled for replacement and deactivation.
• E. Remediation of all Win2003SE machines requires changes to configuration settings and compensating controls to be made through Microsoft Security Center's Win2003SE Advanced Configuration Toolkit.

Correct answer: D

Explanation

Option D is correct because it highlights the necessity of addressing the outdated Win2003SE machines in the datacenter, indicating they should be replaced and deactivated due to their vulnerabilities. Options A, B, C, and E are incorrect as they either make assumptions about ongoing support or remediation processes that are not applicable to the unsupported Win2003SE environment.