CompTIA Security+ (SY0-601) — Question 837

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Answer options

• A. Security patches were uninstalled due to user impact.
• B. An adversary altered the vulnerability scan reports
• C. A zero-day vulnerability was used to exploit the web server
• D. The scan reported a false negative for the vulnerability

Correct answer: A

Explanation

The correct answer is A because it's likely that security patches were removed to prevent user disruption, allowing the vulnerability to be exploited. Option B is incorrect as there's no evidence of report tampering, C is wrong since a zero-day vulnerability would not have been present in historical reports, and D is also incorrect because the existence of the vulnerability in past scans suggests it was not a false negative.