CompTIA PenTest+ (PT0-001) — Question 85
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?
Answer options
- A. The client has applied a hot fix without updating the version.
- B. The threat landscape has significantly changed.
- C. The client has updated their codebase with new features.
- D. There are currently no known exploits for this vulnerability.
Correct answer: A
Explanation
The correct answer is A because applying a hot fix can mitigate the impact of a vulnerability, thus potentially reducing its severity rating. The other options do not directly explain the change in severity; for instance, changes in the threat landscape or updates to the codebase may not necessarily affect the vulnerability's severity rating as directly as a hot fix would.