CompTIA Cloud+ (CV0-002) — Question 134

A cloud security analyst recently performed a vulnerability scan on a web application server across all staging environments. The vulnerability scan determines the directory that houses web content is located on the same drive as the operating system. The analyst then attempts to mitigate the vulnerability in all staging environments. The vulnerability scan is performed again and produces the following results:

PROD -
Website XYZ web content is housed on the C: drive.

QA -
Website XYZ web content is housed on the G: drive.

DEV -
Website XYZ web content is housed on the G: drive.
Given this scenario, which of the following should the test results conclude about the vulnerability?

Answer options

• A. The mitigation results were unsuccessful, and the PROD staging environment requires remediation and/or mitigation.
• B. The mitigation results were unsuccessful, and the DEV staging environment requires remediation and/or mitigation.
• C. The mitigation results were unsuccessful, and each staging environment requires remediation and/or mitigation.
• D. The mitigation results were unsuccessful, and the QA staging environment requires remediation and/or mitigation.

Correct answer: B

Explanation

The correct answer is B because the DEV environment still has the web content on the G: drive, which poses a risk since it is not on a separate drive from the operating system. The PROD environment has not been remediated as it is still on the C: drive, but the question specifically asks about DEV. Options A, C, and D incorrectly suggest that other environments require remediation when only DEV is the focus of the question.