CompTIA CySA+ (CS0-003) — Question 34
A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?
Answer options
- A. Leave the proxy as is.
- B. Decommission the proxy.
- C. Migrate the proxy to the cloud.
- D. Patch the proxy.
Correct answer: B
Explanation
The best practice in this situation is to decommission the proxy (Option B) since it is no longer in use and poses a significant security risk due to its high CVE score. Leaving the proxy as is (Option A) could expose the company to vulnerabilities, while migrating it to the cloud (Option C) does not address the underlying issue. Patching the proxy (Option D) is unnecessary since it is not in operation.