CompTIA CySA+ (CS0-003) — Question 290
A security analyst working for an airline is prioritizing vulnerabilities found on a system. The system has the following requirements:
• Can store periodically audited documents required for takeoffs and landings
• Can keep critical records regarding the company’s operations
• Data can be made public upon request and authorization
Which of the following vulnerabilities should be remediated first?
Answer options
- A. A broken access control vulnerability impacting data integrity
- B. A heap overflow vulnerability impacting the system’s usability
- C. A DoS vulnerability impacting the system’s availability
- D. A zero-day vulnerability impacting the system’s confidentiality
Correct answer: A
Explanation
The correct answer is A. A broken access control vulnerability directly affects data integrity, which is crucial for the accurate handling of the critical operational records and periodically audited documents this system stores. Because the data can be made public upon request and authorization, confidentiality is a lower priority for this system. The other vulnerabilities, while important, impact usability, availability, or confidentiality, and do not compromise the integrity of the data as severely as option A.