CompTIA Security+ (SY0-501) — Question 64
Audit logs from a small company's vulnerability scanning software show the following findings:
Destinations scanned:
-Server001- Internal human resources payroll server
-Server101-Internet-facing web server
-Server201- SQL server for Server101
-Server301-Jumpbox used by systems administrators accessible from the internal network
Validated vulnerabilities found:
-Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software
-Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software
-Server201-OS updates not fully current
-Server301- Accessible from internal network without the use of jumpbox
-Server301-Vulnerable to highly publicized exploit that can elevate user privileges
Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?
Answer options
- A. Server001
- B. Server101
- C. Server201
- D. Server301
Correct answer: B
Explanation
Server101 is an internet-facing web server and thus is directly exposed to external threats, making it the highest priority for addressing vulnerabilities. While Server001, Server201, and Server301 have vulnerabilities, they are not as immediately accessible to external attackers as Server101, which could lead to significant breaches if not secured.