CompTIA Security+ (SY0-501) — Question 125
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services.
The scan reports include the following critical-rated vulnerability:
Title: Remote Command Execution vulnerability in web server
Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Confidence: certain
Recommendation: apply vendor patches
Which of the following actions should the security analyst perform FIRST?
Answer options
- A. Escalate the issue to senior management.
- B. Apply organizational context to the risk rating.
- C. Organize for urgent out-of-cycle patching.
- D. Exploit the server to check whether it is a false positive.
Correct answer: B
Explanation
The correct answer is B because applying organizational context to the risk rating helps the security analyst understand the potential impact and prioritize actions effectively. Escalating the issue to senior management (A) might be necessary later but does not address the immediate technical assessment. Organizing urgent patching (C) is also crucial but should be based on an understanding of the risk. Exploiting the server (D) is not advisable as it could introduce additional risks without confirming the vulnerability's validity.