© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Vulnerability Management

Practice CS0-003 Vulnerability Management questions with full explanations on every answer.

139 questions


Vulnerability Management, choose a session length: 10 questions (~10 min), 20 questions (~20 min), 30 questions (~30 min), or 50 questions (~50 min). Free, no account required.

CS0-003 Domains: Security Operations, Vulnerability Management, Incident Response and Management, Reporting and Communication.


All CS0-003 Vulnerability Management questions (139)


Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A security analyst is reviewing vulnerability scan results and notices that a critical vulnerability on a web server has a CVSS v3.1 base score of 9.8 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which component of the CVSS vector indicates that the vulnerability can be exploited from a remote network?

2

A security analyst is using the EPSS to prioritize vulnerabilities for remediation. EPSS is designed to estimate the likelihood that a vulnerability will be exploited in the wild. Which of the following best describes how EPSS should be used in vulnerability management?

3

During a vulnerability assessment, a security analyst runs a scan using OpenVAS and reviews the results. One finding indicates a plugin with ID 12345 that detects a missing patch for CVE-2023-1234 on a Linux server. The server is a critical domain controller. Which step of the vulnerability lifecycle is the analyst currently performing?

4

A security team is implementing configuration management for a set of Linux servers in a non-DoD environment. They want to apply a security baseline that provides a balanced approach between security and operational efficiency. Which of the following would be most appropriate?

5

An organization uses a DAST tool to scan a web application. The scanner reports a finding where user input is reflected in the HTTP response without proper encoding. Which OWASP Top 10 category best describes this vulnerability?

6

A security analyst is using Burp Suite to test an API endpoint. The analyst notices that the API returns detailed error messages when invalid input is provided, revealing database schema information. Which OWASP Top 10 category does this issue primarily relate to?

7

A security team is scanning container images with Trivy and finds a vulnerability with CVSS v3.1 vector AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in a container running as a privileged container on a Kubernetes cluster. The team is prioritizing based on risk. Given the CVSS vector, which factor most significantly reduces the likelihood of exploitation in this context?

8

During a configuration compliance scan using OpenSCAP, a security analyst finds that several Windows servers have the 'Network access: Do not allow anonymous enumeration of SAM accounts' setting set to 'Disabled'. This finding corresponds to a CIS Benchmark recommendation. Which of the following describes the most appropriate remediation step for this finding?

9

A security analyst needs to verify that a critical patch was successfully applied to all endpoints in the organization after an emergency patch deployment. Which phase of the vulnerability lifecycle is the analyst performing?

10

A company uses Qualys to scan their internal network. The scan report shows a vulnerability with plugin output indicating that the server is running a version of Apache httpd vulnerable to CVE-2023-1234. The asset is a development web server that is not exposed to the internet. The CVSS score is 7.5 (High). However, the EPSS score is 0.001 (very low). Which of the following should be the primary factor in prioritizing this vulnerability?

11

A security analyst is using Nessus to scan a network. The scan completes and reports a vulnerability with a CVSS v3.1 base score of 5.3 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is a low-severity information disclosure issue that reveals the server's internal IP address in HTTP headers. The asset is a public-facing web server. Which of the following best describes the risk level and appropriate response?

12

A security analyst is reviewing a vulnerability scan report from Rapid7 InsightVM. The report shows that a Tomcat server has a plugin finding indicating that the 'Server' header is set to 'Apache-Coyote/1.1', which reveals the server version. Which type of vulnerability does this represent?

13

A security analyst is prioritizing vulnerabilities for a critical internet-facing application server. The analyst has CVSS scores, EPSS scores, and access to the CISA KEV catalog. Which TWO factors should the analyst consider as the most important for determining remediation priority? (Select TWO)

14

A security team is implementing container security scanning in their CI/CD pipeline. They want to scan container images for vulnerabilities and Kubernetes misconfigurations. Which THREE tools from the following list are best suited for this purpose? (Select THREE)

15

A security analyst is configuring a compliance scanner to check Linux servers against the CIS Benchmark. The analyst wants to ensure that only foundational security configurations are enforced to avoid breaking production applications. Which TWO CIS Benchmark levels would be most appropriate for this environment? (Select TWO)

16

A security analyst is reviewing a vulnerability scan report and notices a plugin that identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which attack vector is indicated?

17

A vulnerability management team is prioritizing remediation of several vulnerabilities. They have access to EPSS scores and the CISA KEV catalog. Which factor should they consider FIRST when deciding which vulnerability to remediate?

18

A cybersecurity analyst is configuring a vulnerability scanning policy for a mixed environment of Linux servers and Windows workstations. The analyst wants to minimize disruption to production services while ensuring comprehensive coverage. Which approach is BEST?

19

A security analyst is reviewing a DAST scan report for a web application. The report indicates a vulnerability where the application fails to properly validate user-supplied data before using it in a database query. This is most likely which type of vulnerability?

20

Which tool is specifically designed to check Linux systems for compliance with security best practices and can be used for configuration auditing?

21

During a patch management process, a security analyst is testing a critical security patch in a staging environment. The patch is intended to fix a remote code execution vulnerability in a widely used application. What is the MOST important step before deploying to production?

22

A security analyst is investigating a containerized environment. A scan using Trivy has identified a critical vulnerability in a container image. The container is running in a Kubernetes cluster with a Pod Security Policy that disallows privileged containers. Which additional concern should the analyst address?

23

A vulnerability scanner reports a finding with a CVSS v3.1 base score of 7.5 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. What does this indicate about the vulnerability?

24

Which of the following is the BEST description of configuration drift?

25

A security analyst is using OpenSCAP to perform a compliance scan against a set of RHEL servers. The analyst wants to ensure the servers comply with the CIS Benchmark Level 1 for Red Hat Enterprise Linux. What does Level 1 typically indicate?

26

During a web application penetration test using Burp Suite, a security analyst identifies that an API endpoint accepts a URL parameter that is used to fetch data from an external resource. The application does not validate or sanitize the parameter. This is most likely vulnerable to which attack?

27

A vulnerability management team is evaluating whether to apply a patch immediately or implement a compensating control. The patch is for a vulnerability in a legacy system that cannot be taken offline during business hours. The compensating control would involve restricting network access to the system. Which decision is MOST appropriate?

28

A security analyst is performing a vulnerability assessment and needs to identify potential misconfigurations in a Kubernetes cluster. Which TWO of the following are common Kubernetes misconfigurations that should be checked? (Select TWO.)

29

A security analyst is reviewing the output of a vulnerability scanner that uses CVSS v3.1. The analyst wants to understand the impact metrics. Which THREE of the following are impact metrics in the CVSS v3.1 base score? (Select THREE.)

30

A security analyst is setting up a vulnerability management program and needs to select tools for container image scanning. Which THREE of the following are commonly used container image scanning tools? (Select THREE.)

31

A security analyst reviews a Nessus scan result for a web server. The plugin output indicates a critical vulnerability with CVSS v3.1 base score 9.8. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack complexity?

32

During a vulnerability scan, an analyst identifies a plugin that reports a vulnerability with a CVSS v3.1 base score of 7.5. The vector string includes AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Which of the following is the primary impact of this vulnerability?

33

A vulnerability management team is prioritizing remediation of a list of vulnerabilities. They want to incorporate the likelihood of exploitation based on real-world exploit activity. Which of the following data sources should they use?

34

An analyst is reviewing a vulnerability scan report for a containerized application. The scan identifies a critical vulnerability in a base image used by multiple containers. The application is deployed in a Kubernetes cluster with network policies restricting ingress. The vulnerability has a CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). However, the EPSS score is 0.001 (0.1%). Which of the following should the analyst prioritize?

35

A security analyst is configuring a vulnerability scan using OpenVAS. The scan should identify missing patches on Windows servers. Which of the following scan types should the analyst select?

36

An organization uses CIS Benchmarks to secure its Linux servers. The security team applies Level 1 benchmarks. Which of the following best describes Level 1 CIS benchmarks?

37

A security analyst is reviewing a DAST scan result for a web application. The scanner reports a finding that allows an attacker to redirect users to a malicious site via a parameter in the URL. Which OWASP Top 10 category does this finding most likely belong to?

38

A vulnerability management team is evaluating a critical vulnerability in a legacy application that cannot be patched. The application is used by a small number of users internally. Which of the following is the best compensating control to reduce risk?

39

An analyst uses Trivy to scan a container image in a CI/CD pipeline. The scan identifies a vulnerability in an open-source library included in the image. The library is not used by the application code. Which of the following actions should the analyst recommend?

40

Which of the following tools is specifically designed for compliance scanning against security benchmarks on Linux systems?

41

During a patch management process, a security analyst is testing a critical security patch in a staging environment. The patch causes a regression in a key business application. Which of the following should the analyst do next?

42

A cloud security analyst is reviewing a misconfiguration in an AWS S3 bucket that allows public read access. The bucket contains sensitive customer data. Which of the following CIS AWS Foundations Benchmark checks would most likely identify this issue?

43

A security analyst is using Burp Suite to test a web application for vulnerabilities. Which TWO of the following are common web application vulnerabilities that can be detected using Burp Suite? (Select TWO)

44

A vulnerability management analyst is prioritizing vulnerabilities for remediation. The analyst has the following information for three vulnerabilities: CVE-2023-1: CVSS 9.8, EPSS 0.9, asset criticality high; CVE-2023-2: CVSS 7.5, EPSS 0.01, asset criticality low; CVE-2023-3: CVSS 5.0, EPSS 0.8, asset criticality medium. According to best practices, which THREE factors should the analyst consider when prioritizing? (Select THREE)

45

An organization is implementing security hardening for Kubernetes clusters. Which THREE of the following are common Kubernetes misconfigurations that should be addressed? (Select THREE)

46

A security analyst is reviewing a vulnerability scan report and finds a critical vulnerability with a CVSS v3.1 base score of 9.8. The vector string is: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack vector and impact of this vulnerability?

47

During a vulnerability assessment, a security analyst uses a tool that identifies missing patches and misconfigurations based on CIS Benchmarks. Which of the following tools is specifically designed for compliance scanning against CIS benchmarks?

48

A security team discovers a critical vulnerability in a widely used software component. The vulnerability has a CVSS score of 9.0, but there is no known exploit or patch available yet. However, the software vendor has released a workaround. According to the vulnerability management lifecycle, which action should the team prioritize first?

49

A vulnerability scanner reports a plugin that identifies a web application vulnerability related to the failure to validate user input, allowing an attacker to inject malicious scripts that execute in other users' browsers. Which OWASP Top 10 category does this vulnerability fall under?

50

An analyst is prioritizing vulnerabilities for remediation. The vulnerability has a high CVSS score but is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog and has a low EPSS score. The affected asset is a publicly accessible web server handling sensitive customer data. Which factor should the analyst consider as most critical for prioritization?

51

A security analyst is configuring a container image scanning tool to identify vulnerabilities in a Docker image before deployment. Which of the following tools is commonly used for container image scanning?

52

During a patch management process, an organization uses a staging environment to test patches before deployment. Which of the following is the primary purpose of patch testing in a staging environment?

53

A security analyst is reviewing a vulnerability scan of a Kubernetes cluster. The scan reports that a container is running with privileged mode enabled. Which CIS Kubernetes Benchmark recommendation does this violation relate to?

54

Which of the following vulnerability lifecycle phases involves verifying that a remediation has been successfully applied and that the vulnerability no longer exists?

55

An organization uses a DAST tool to test a web application for vulnerabilities. The tool sends specially crafted requests and analyzes responses. Which of the following vulnerabilities is a DAST tool most effective at identifying?

56

A security analyst is evaluating a vulnerability with the CVSS v3.1 base vector AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N. Which of the following best describes the scope and impact of this vulnerability?

57

An organization is implementing configuration management and decides to use CIS Benchmarks to harden their servers. They choose Level 1 benchmarks for most servers but Level 2 for highly sensitive systems. What is the key difference between Level 1 and Level 2 CIS benchmarks?

58

A security analyst is conducting a vulnerability assessment on a cloud environment and needs to select a tool to scan for misconfigurations against the CIS AWS Foundations Benchmark. Which TWO of the following tools are capable of performing compliance scanning against cloud benchmarks? (Select TWO.)

59

A security analyst is reviewing the results of a web application vulnerability scan and needs to identify the vulnerabilities that are part of the OWASP Top 10 (2021) category 'Injection'. Which THREE of the following vulnerabilities fall under this category? (Select THREE.)

60

A vulnerability management team is prioritizing vulnerabilities for remediation. They have a list of vulnerabilities with different characteristics. According to best practices, which TWO factors should be considered when prioritizing vulnerabilities? (Select TWO.)

61

A security analyst is reviewing the results of a vulnerability scan. The analyst sees a plugin output that includes the CVSS vector string AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. What is the base score of this vulnerability?

62

During a vulnerability assessment, a security analyst discovers a critical vulnerability affecting a legacy application that cannot be patched due to vendor end-of-life status. Which of the following is the BEST next step?

63

A security team is using EPSS scores and the CISA KEV catalog to prioritize vulnerabilities. Which combination of factors would indicate the HIGHEST priority for remediation?

64

A security analyst is reviewing a vulnerability scan report and sees a finding for a web application with a CVSS v3.1 base score of 6.1. The vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Which OWASP Top 10 category does this vulnerability most likely belong to?

65

A security analyst is configuring a container image scanning tool. Which of the following tools is specifically designed for container image vulnerability scanning?

66

A security team is implementing CIS Benchmarks for a Linux server. They need to choose between Level 1 and Level 2 benchmarks. Which of the following best describes Level 1 benchmarks?

67

During a web application penetration test, a security analyst uses a DAST tool and discovers that the application is vulnerable to Server-Side Request Forgery (SSRF). According to the OWASP Top 10 2021, under which category does SSRF fall?

68

A vulnerability management team has identified a critical vulnerability with a CVSS score of 9.8. The vulnerability affects a public-facing web server that handles sensitive customer data. The team decides to apply a patch immediately without going through the normal patch testing cycle. What type of patching procedure is this?

69

An organization uses OpenSCAP for compliance scanning. What is the primary purpose of OpenSCAP?

70

A security analyst is reviewing a Kubernetes cluster configuration. Which of the following misconfigurations poses the MOST severe security risk?

71

A vulnerability scan identifies a plugin output for 'SMB Signing Disabled' on a Windows server. The CVSS v3.1 base score is 5.3 (Medium). The asset is a file server used only internally. The organization has decided not to enable SMB signing due to performance concerns. Which of the following is the BEST compensating control?

72

Which vulnerability scanner is an open-source tool commonly used for network vulnerability scanning?

73

A security analyst is reviewing the output of a vulnerability scan and sees a finding for a web application that uses a known vulnerable version of Apache Struts. Which TWO of the following actions should the analyst prioritize?

74

A security analyst is performing a cloud security assessment for an AWS environment. Which THREE of the following configurations would be considered CIS AWS Foundations Benchmark violations?

75

A security analyst is investigating a reported vulnerability in a web application. The team uses Burp Suite for DAST scanning. Which TWO of the following findings would be classified as injection vulnerabilities according to OWASP Top 10?

76

During a vulnerability scan, a security analyst identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which component of this vector indicates that the vulnerability can be exploited without any user interaction?

77

A vulnerability management analyst is reviewing scan results from a recent Nessus scan. The analyst notices a plugin with the output: 'The remote host is missing a security patch for CVE-2023-1234. The patch was released by the vendor on 2023-05-01.' Which phase of the vulnerability lifecycle is the analyst currently performing?

78

An organization uses Qualys for vulnerability scanning. After a scan, the security team identifies a vulnerability with an EPSS score of 0.95 that also appears in the CISA KEV catalog. However, the affected asset is a non-critical development server with no internet access. According to the vulnerability lifecycle, what should be the analyst's NEXT action?

79

A security analyst is configuring a vulnerability scanner for a new deployment. The scanner must be able to authenticate to targets to perform deep configuration audits against CIS Benchmarks. Which type of scan should the analyst configure?

80

During a web application security assessment using OWASP ZAP, a tester identifies that the application reflects user input in HTTP responses without proper encoding. Which OWASP Top 10 vulnerability category does this finding most likely belong to?

81

A security analyst is reviewing the results of a container image scan using Trivy. The scan reports a critical vulnerability in a base image layer. The development team states that the vulnerability is not exploitable because the affected library is not used in the application. According to vulnerability management best practices, what should the analyst do?

82

Which of the following vulnerability scanning tools is open source and commonly used for network vulnerability assessment?

83

A security analyst is prioritizing vulnerabilities for remediation. One vulnerability has a CVSS v3.1 score of 7.5, an EPSS score of 0.02, and is not in the CISA KEV catalog. Another vulnerability has a CVSS score of 5.0, an EPSS score of 0.85, and is listed in the KEV catalog. Which vulnerability should be prioritized FIRST?

84

An organization uses OpenSCAP to perform compliance scanning against STIGs for DoD environments. A scan reveals that several systems are non-compliant with STIG ID: V-XXXXX requiring 'The system must disable the guest account.' The configuration drift detection tool shows that the guest account was re-enabled after a recent patch. What is the MOST effective course of action?

85

A web application security tester uses Burp Suite to test an API endpoint. The tester sends a request with a modified HTTP method and discovers that the API accepts DELETE requests on an endpoint that should only allow GET. This is an example of which OWASP Top 10 vulnerability?

86

Which metric in the CVSS v3.1 base score indicates the level of access an attacker needs to exploit a vulnerability?

87

A company uses Lynis for compliance scanning on Linux servers. During a scan, Lynis reports that the system has world-writable files in critical directories. Which CIS Benchmark recommendation does this finding relate to?

88

A security analyst is evaluating a Kubernetes cluster for misconfigurations. Which TWO of the following are common Kubernetes misconfigurations that increase security risk? (Select the two best answers.)

89

An organization is implementing a patch management process. Which THREE of the following are essential steps that should be included before deploying patches to production systems? (Select the three best answers.)

90

A security analyst is using OpenVAS to scan a network. The scan identifies several vulnerabilities. Which TWO of the following are valid components of a CVSS v3.1 base score? (Select the two correct answers.)

91

A security analyst reviews a vulnerability scan report and identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The attack vector is 'Network', attack complexity is 'Low', privileges required is 'None', user interaction is 'None', scope is 'Unchanged', and all three CIA impacts are 'High'. Which additional factor should the analyst prioritize when deciding whether to apply a patch or a compensating control?

92

During a vulnerability assessment, a security analyst uses Nessus to scan a network. Which type of scan is most appropriate to identify live hosts and open ports without causing significant disruption?

93

A security analyst is reviewing a vulnerability scan report that includes a plugin output with the following CVSS v3.1 vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H. Which of the following best describes the characteristics of this vulnerability?

94

A company is implementing a patch management process. Which of the following steps should be performed FIRST after a vendor releases a security patch for a critical vulnerability?

95

A security analyst is configuring a compliance scan for a Linux server using CIS Benchmarks. The analyst must ensure the server meets Level 1 benchmarks. Which of the following is a characteristic of CIS Level 1 benchmarks?

96

A security analyst is evaluating a containerized application for vulnerabilities. The analyst runs Trivy on the container image and finds several high-severity vulnerabilities in the base image. Which of the following is the most effective remediation strategy?

97

An organization wants to prioritize vulnerabilities based on the likelihood of exploitation. Which of the following sources provides a data-driven probability score for exploitation?

98

A security analyst is using a DAST tool to test a web application. Which of the following vulnerabilities would the tool most likely identify?

99

An organization uses OpenSCAP to perform compliance scanning. The scan results indicate that a system fails to meet a STIG requirement. Which of the following best describes the purpose of STIGs?

100

A security analyst discovers a critical vulnerability in a web application that allows an attacker to trigger server-side requests from the application server. Which OWASP Top 10 category does this vulnerability belong to?

101

A security analyst is reviewing a vulnerability scan report and sees a plugin with a CVSS v3.1 base score of 7.5. The attack vector is 'Network', attack complexity is 'Low', privileges required is 'None', user interaction is 'None', scope is 'Unchanged', and the confidentiality impact is 'High', but integrity and availability impacts are 'None'. This vulnerability is best described as:

102

A security analyst is using a container image scanner to identify vulnerabilities in a Kubernetes deployment. Which of the following tools is specifically designed for container image scanning?

103

A security analyst is conducting a vulnerability assessment of a Kubernetes cluster. Which TWO of the following are common misconfigurations that could lead to security risks? (Select TWO.)

104

A security analyst is prioritizing vulnerabilities for remediation. Which THREE factors from the CISA Known Exploited Vulnerabilities (KEV) catalog should the analyst consider? (Select THREE.)

105

A security analyst is performing an API vulnerability test. Which THREE of the following are common API vulnerabilities according to OWASP? (Select THREE.)

106

During a vulnerability scan, a security analyst identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The attack vector is network, attack complexity is low, privileges required are none, user interaction is none, and the impact to confidentiality, integrity, and availability is high. Which CVSS vector string represents this vulnerability?

107

A security analyst is reviewing the results of a vulnerability scan and notices that several vulnerabilities have high CVSS scores but low EPSS scores. The analyst also cross-references the CISA Known Exploited Vulnerabilities (KEV) catalog and finds that none of these vulnerabilities are listed. Which approach should the analyst take when prioritizing remediation?

108

A security team is implementing a patch management process for a large enterprise. They must ensure that patches are tested before deployment to production. The team has a staging environment that mirrors production. During patch testing, they discover that a critical security patch for a database server causes a performance degradation of 30% in a key application. What should the team do next?

109

An analyst is reviewing a Nessus scan report and sees a plugin result that indicates a web application is vulnerable to SQL injection. The plugin output includes the payload used and the database error message. Which OWASP Top 10 category does this vulnerability belong to?

110

A company uses a configuration management tool to enforce CIS Benchmarks on its servers. The security team wants to apply Level 1 benchmarks to all servers to achieve a baseline security posture. Which of the following best describes the difference between CIS Level 1 and Level 2 benchmarks?

111

A security analyst is investigating a Kubernetes cluster and finds that a container is running with securityContext.privileged: true. The container also has a hostPath mount that allows writing to the host filesystem. Which of the following best describes the primary risk of this configuration?

112

A security analyst is using OpenVAS to perform a vulnerability scan of an internal network. The scan completes and generates a report listing several vulnerabilities. What is the next step in the vulnerability lifecycle?

113

An organization is implementing a patch management process and wants to track compliance. They deploy patches to a test group of systems before rolling out to the entire environment. After patching the test group, they run a vulnerability scan and find that 95% of the vulnerabilities are resolved. What should the organization do next?

114

A security analyst is reviewing a DAST report from Burp Suite for a web application. The report indicates a potential Server-Side Request Forgery (SSRF) vulnerability in a feature that fetches URLs. Which of the following is the most effective mitigation?

115

A cloud security team is using a container image scanning tool and finds a vulnerability in a base image used by many containers. The vulnerability is rated CVSS 7.5 and has a high EPSS score. However, rebuilding all containers with a patched base image will take significant time. What is the best immediate action?

116

A security analyst is using Qualys to perform a vulnerability scan on a public-facing web server. The scan results show that the server is running an outdated version of Apache HTTP Server with multiple known vulnerabilities. The analyst checks the vendor security advisories and finds that a patch was released three months ago. However, the server is in a staging environment and not yet in production. What should the analyst recommend?

117

Which of the following tools is specifically designed for compliance scanning against security benchmarks such as CIS and STIG?

118

A security analyst is prioritizing vulnerabilities discovered during a scan. Which TWO factors should the analyst consider as part of business context to determine remediation priority? (Select TWO.)

119

A security analyst is performing an API vulnerability test using OWASP ZAP. The analyst finds several issues. Which THREE of the following are common API vulnerabilities according to OWASP? (Select THREE.)

120

A security team is deploying a new web application and wants to ensure it follows secure configuration practices. Which THREE of the following are recommended configuration settings according to CIS benchmarks for web servers? (Select THREE.)

121

A security analyst is reviewing a vulnerability scan report and sees a critical finding with a CVSS v3.1 base score of 9.8. The vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack vector component (AV:N)?

122

During a vulnerability assessment, a security analyst discovers a web application that is vulnerable to SQL injection. The application is a legacy system that cannot be easily patched. The analyst recommends implementing a web application firewall (WAF) rule to block malicious SQL patterns. Which type of control does this represent?
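The scanner finding in the Nessus question above and the legacy-application scenario here both come down to the same mechanism, so one added example covers both. This is illustrative code written for this page, not the vulnerable application or the scanner's plugin: an in-memory SQLite table with constructed rows, a login query built by string formatting beside its parameterized replacement, the "stray quote produces a database error" probe that a scanner reports, and a deliberately small WAF-style signature of the kind used as a compensating control when the code cannot be fixed. The table contents, the regex and the function names are assumptions for the example.

```python
import re
import sqlite3

# Constructed sample table (example data, not from the page).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]
TAUTOLOGY = "' OR '1'='1"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Injectable: input is spliced into the SQL text, so quotes and keywords become grammar."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Parameterized: the driver binds input as data, so it can never alter the query structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def error_probe(login, conn):
    """The scanner's first signal: a stray quote that surfaces a database error message.
    Returns the error text (what a scanner plugin echoes in its output) or None if handled safely."""
    try:
        login(conn, "alice'", "x")
    except sqlite3.Error as exc:
        return str(exc)
    return None


# Illustrative signature in the style of a WAF rule, used as a compensating control for code
# that cannot be fixed quickly. Real rule sets are far broader and are still bypassable.
WAF_PATTERN = re.compile(r"'\s*(or|and)\s+'|union\s+select|--|/\*", re.IGNORECASE)


def waf_would_block(value):
    """True if the constructed signature above would reject this input."""
    return WAF_PATTERN.search(value) is not None


if __name__ == "__main__":
    conn = make_db()
    print("error probe (vulnerable):", error_probe(login_vulnerable, conn))
    print("error probe (safe):      ", error_probe(login_safe, conn))
    print("tautology (vulnerable):  ", login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY))
    print("tautology (safe):        ", login_safe(conn, TAUTOLOGY, TAUTOLOGY))
    print("WAF blocks tautology:    ", waf_would_block(TAUTOLOGY))
```

The tautology payload returns every row from the string-formatted query and nothing from the parameterized one, which is why the parameterized query is the fix and the WAF rule is only a compensating control: the signature blocks this one payload, but encoding and keyword variants it does not list will pass, so the WAF buys time rather than closing the finding.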

123

A security team uses the Common Vulnerability Scoring System (CVSS) v3.1 to prioritize vulnerabilities. They find a vulnerability with a base score of 7.5 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. However, the asset is a public-facing web server with no backups. The team also checks the Exploit Prediction Scoring System (EPSS) and sees a score of 0.95 (a 95% probability of observed exploitation activity in the next 30 days). Which action should the team take first when prioritizing by risk?

124

A security analyst is configuring a container scanning tool to identify vulnerabilities in Docker images before deployment. Which of the following tools is specifically designed for container image vulnerability scanning?

125

Which of the following best describes the purpose of the CISA Known Exploited Vulnerabilities (KEV) catalog in vulnerability management?

126

A security analyst is reviewing a vulnerability scan report and notices that a plugin output indicates a potential misconfiguration in a web server that allows directory listing. The analyst wants to verify this finding manually. Which of the following tools would be most appropriate to confirm the vulnerability?

127

During a vulnerability assessment of a Kubernetes cluster, a security analyst finds that a container is running with privileged mode enabled and has a hostPath mount that grants write access to the host's /var/log directory. Which of the following is the most significant security risk associated with this configuration?
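Both Kubernetes questions on this page describe the same pairing, a privileged container plus a hostPath mount the container can write to. The following is an added example, not code from the page or from any scanner: an audit over a pod object shaped like `kubectl get pod -o json` output, a hardening step that drops privileged mode, disables privilege escalation and makes hostPath mounts read-only, and a second audit pass to show what remains. The pod manifest, the capability list and the severity labels are constructed for the example.

```python
import copy

# Constructed pod object in the shape of `kubectl get pod -o json` output (example input, not from the page).
RISKY_POD = {
    "kind": "Pod",
    "metadata": {"name": "log-shipper"},
    "spec": {
        "hostPID": False,
        "hostNetwork": False,
        "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
        "containers": [{
            "name": "shipper",
            "image": "example/shipper:1.0",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "varlog", "mountPath": "/host/var/log"}],
        }],
    },
}

# Capabilities that on their own give a path to the node even without privileged: true.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}


def audit_pod(pod):
    """Return (severity, message) tuples for host-escape risks in one pod object."""
    findings = []
    spec = pod.get("spec", {})
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(("HIGH", "pod shares %s namespace with the node" % flag))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(("HIGH", "%s: privileged=true (all capabilities, host devices visible)" % name))
        caps = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(caps & DANGEROUS_CAPS):
            findings.append(("HIGH", "%s: adds capability %s" % (name, cap)))
        if sc.get("allowPrivilegeEscalation", True) and not sc.get("privileged"):
            findings.append(("LOW", "%s: allowPrivilegeEscalation not set to false" % name))
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path is None:
                continue
            if m.get("readOnly"):
                findings.append(("MEDIUM", "%s: read-only hostPath %s at %s" % (name, path, m["mountPath"])))
            else:
                findings.append(("HIGH", "%s: WRITABLE hostPath %s at %s" % (name, path, m["mountPath"])))
    return findings


def harden_pod(pod):
    """Return a copy with privileged dropped, escalation disabled, capabilities dropped and hostPath read-only."""
    hardened = copy.deepcopy(pod)
    spec = hardened["spec"]
    host_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.setdefault("securityContext", {})
        sc["privileged"] = False
        sc["allowPrivilegeEscalation"] = False
        sc["capabilities"] = {"drop": ["ALL"]}
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols:
                m["readOnly"] = True
    return hardened


def highest_severity(findings):
    """3 for HIGH, 2 for MEDIUM, 1 for LOW, 0 for a clean pod."""
    order = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}
    return max((order[sev] for sev, _ in findings), default=0)


if __name__ == "__main__":
    for sev, msg in audit_pod(RISKY_POD):
        print("before:", sev, msg)
    for sev, msg in audit_pod(harden_pod(RISKY_POD)):
        print("after: ", sev, msg)
```

The second pass still reports the read-only hostPath as MEDIUM on purpose: a read-only view of the node's /var/log leaks host data, and the complete fix is to stop using hostPath (or to enforce the Pod Security Standards "restricted" profile at admission) rather than to flip a flag on the mount.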

128

An organization is implementing a patch management process for servers. Which of the following is a crucial step that should be performed before deploying patches to production servers?

129

A cybersecurity analyst is reviewing the configuration of a Linux server against CIS Benchmarks. The analyst notices that several settings deviate from the recommended baseline. Which TWO of the following are most likely to be considered Level 1 CIS Benchmark recommendations?

130

A security analyst is conducting a dynamic application security testing (DAST) scan of a REST API. The scanner reports a potential Server-Side Request Forgery (SSRF) vulnerability. The analyst needs to confirm the finding manually. Which TWO of the following techniques are most appropriate for validating SSRF?
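The SSRF mitigation question earlier on the page and the validation question here are two sides of one control, so one added example serves both. This is example code written for this page, not the application under test: a validator for a URL-fetch feature that enforces a scheme, host and port allowlist, rejects credentials in the authority (the `https://allowed-host@10.0.0.1/` trick), resolves the host and refuses private, loopback, link-local and IPv4-mapped addresses, and returns the resolved IP so the caller can connect to that exact address. The allowlisted hosts, the fake DNS table and the resolver-injection design are assumptions for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumptions for the example: the fetch feature only ever needs these hosts over HTTPS on 443.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}


def is_internal_address(ip_text):
    """True for any address a server-side fetch must never reach (metadata, loopback, RFC 1918, ...)."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped   # ::ffff:169.254.169.254 is judged as its IPv4 form
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_target(url, resolver=socket.gethostbyname):
    """Return (ok, detail): detail is the pinned IP on success, the rejection reason otherwise.
    resolver is injectable so the check can run without DNS."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, "unparseable URL: %s" % exc
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        # Also rejects raw IPs, decimal/octal IP spellings and lookalike hostnames.
        return False, "host not in allowlist: %r" % host
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is not None and port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    try:
        ip_text = resolver(host)
    except (socket.gaierror, KeyError, OSError):
        return False, "DNS resolution failed for %r" % host
    if is_internal_address(ip_text):
        return False, "%s resolves to a non-public address %s" % (host, ip_text)
    return True, ip_text


# Constructed DNS answers so the example runs offline (not real records).
FAKE_DNS = {"api.example.com": "93.184.216.34", "cdn.example.com": "10.0.0.5"}


def fake_resolver(host):
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in ("https://api.example.com/report?id=1",
                      "https://cdn.example.com/x",
                      "http://169.254.169.254/latest/meta-data/",
                      "https://api.example.com@10.0.0.1/"):
        print(candidate, "->", validate_fetch_target(candidate, fake_resolver))
```

Two caveats belong with this check. First, the resolved IP is returned so the fetch can connect to it directly; validating the name and then letting the HTTP client resolve it again leaves a DNS rebinding window. Second, redirects must be disabled or each redirect target re-validated, otherwise an allowlisted host can bounce the request to an internal address. For manual confirmation of a scanner's SSRF finding, the usual techniques are to submit a URL for a listener you control and watch for the server's callback, and to request an internal-only address such as the cloud metadata endpoint and compare the response or timing against a known-bad host.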

131

A security analyst is using a vulnerability scanner to identify missing patches on Windows servers. The scanner uses plugins that reference Common Vulnerabilities and Exposures (CVE) identifiers. Which THREE of the following are components of a CVSS v3.1 base score vector?

132

A company uses a patch management tool to track compliance across its server fleet. The security team needs to prioritize vulnerabilities for patching. Which THREE factors should be considered when prioritizing?

133

A security analyst is reviewing a compliance scan report for a DoD environment that uses Security Technical Implementation Guides (STIGs). The report indicates several failures. Which TWO of the following are likely STIG requirements for a Windows 10 system?

134

A security analyst is selecting tools for vulnerability management. Which THREE of the following are vulnerability scanning tools?

135

A security analyst is performing a web application security assessment and identifies a potential cross-site scripting (XSS) vulnerability. The application is critical to business operations. Which TWO of the following are appropriate immediate actions?

136

A security analyst is reviewing a vulnerability scan report and notices a critical vulnerability with a CVSS v3.1 base score of 9.8. The vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack vector and the scope impact?

137

A security analyst is prioritizing vulnerabilities for remediation. The analyst has identified several vulnerabilities with CVSS scores, but wants to incorporate additional context to ensure the most critical vulnerabilities are addressed first. Which TWO factors should the analyst consider beyond the CVSS base score? (Choose two.)

138

An organization is implementing a patch management process. Which of the following is the BEST practice before deploying patches to production systems?

139

A security analyst is reviewing a containerized application for vulnerabilities. The analyst uses a container image scanner and identifies several issues. Which THREE of the following are common container and Kubernetes misconfigurations that the analyst should prioritize? (Choose three.)

Other CS0-003 exam domains

Security Operations
Incident Response and Management
Reporting and Communication

Frequently asked questions

What does the Vulnerability Management domain cover on the CS0-003 exam?

The Vulnerability Management domain covers the key concepts tested in this area of the CS0-003 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CS0-003 domains — no account required.

How many Vulnerability Management questions are in the CS0-003 question bank?

The Courseiva CS0-003 question bank contains 139 questions in the Vulnerability Management domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Vulnerability Management for CS0-003?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Vulnerability Management questions for CS0-003?

Yes — the session launcher on this page draws questions exclusively from the Vulnerability Management domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
