Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Vulnerability Management practice sets

CS0-003 Vulnerability Management • Complete Question Bank

CS0-003 Vulnerability Management — All Questions With Answers

Complete CS0-003 Vulnerability Management question bank — all 0 questions with answers and detailed explanations.

139
Questions
Free
No signup
Certifications/CS0-003/Practice Test/Vulnerability Management/All Questions
Question 1easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing vulnerability scan results and notices that a critical vulnerability on a web server has a CVSS v3.1 base score of 9.8 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which component of the CVSS vector indicates that the vulnerability can be exploited from a remote network?

Question 2easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using the EPSS to prioritize vulnerabilities for remediation. EPSS is designed to estimate the likelihood that a vulnerability will be exploited in the wild. Which of the following best describes how EPSS should be used in vulnerability management?

Question 3mediummultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability assessment, a security analyst runs a scan using OpenVAS and reviews the results. One finding indicates a plugin with ID 12345 that detects a missing patch for CVE-2023-1234 on a Linux server. The server is a critical domain controller. Which step of the vulnerability lifecycle is the analyst currently performing?

Question 4mediummultiple choice
Read the full Vulnerability Management explanation →

A security team is implementing configuration management for a set of Linux servers in a non-DoD environment. They want to apply a security baseline that provides a balanced approach between security and operational efficiency. Which of the following would be most appropriate?

Question 5mediummultiple choice
Read the full Vulnerability Management explanation →

An organization uses a DAST tool to scan a web application. The scanner reports a finding where user input is reflected in the HTTP response without proper encoding. Which OWASP Top 10 category best describes this vulnerability?

Question 6mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using Burp Suite to test an API endpoint. The analyst notices that the API returns detailed error messages when invalid input is provided, revealing database schema information. Which OWASP Top 10 category does this issue primarily relate to?

Question 7hardmultiple choice
Read the full Vulnerability Management explanation →

A security team is scanning container images with Trivy and finds a vulnerability with CVSS v3.1 vector AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in a container running as a privileged container on a Kubernetes cluster. The team is prioritizing based on risk. Given the CVSS vector, which factor most significantly reduces the likelihood of exploitation in this context?

Question 8hardmultiple choice
Read the full Vulnerability Management explanation →

During a configuration compliance scan using OpenSCAP, a security analyst finds that several Windows servers have the 'Network access: Do not allow anonymous enumeration of SAM accounts' setting set to 'Disabled'. This finding corresponds to a CIS Benchmark recommendation. Which of the following describes the most appropriate remediation step for this finding?

Question 9easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst needs to verify that a critical patch was successfully applied to all endpoints in the organization after an emergency patch deployment. Which phase of the vulnerability lifecycle is the analyst performing?

Question 10mediummultiple choice
Read the full Vulnerability Management explanation →

A company uses Qualys to scan their internal network. The scan report shows a vulnerability with plugin output indicating that the server is running a version of Apache httpd vulnerable to CVE-2023-1234. The asset is a development web server that is not exposed to the internet. The CVSS score is 7.5 (High). However, the EPSS score is 0.001 (very low). Which of the following should be the primary factor in prioritizing this vulnerability?

Question 11hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using Nessus to scan a network. The scan completes and reports a vulnerability with a CVSS v3.1 base score of 5.3 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is a low-information disclosure issue that reveals the server's internal IP address in HTTP headers. The asset is a public-facing web server. Which of the following best describes the risk level and appropriate response?

Question 12mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report from Rapid7 InsightVM. The report shows that a Tomcat server has a plugin finding indicating that the 'Server' header is set to 'Apache-Coyote/1.1', which reveals the server version. Which type of vulnerability does this represent?

Question 13mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is prioritizing vulnerabilities for a critical internet-facing application server. The analyst has CVSS scores, EPSS scores, and access to the CISA KEV catalog. Which TWO factors should the analyst consider as the most important for determining remediation priority? (Select TWO)

Question 14hardmulti select
Read the full Vulnerability Management explanation →

A security team is implementing container security scanning in their CI/CD pipeline. They want to scan container images for vulnerabilities and Kubernetes misconfigurations. Which THREE tools from the following list are best suited for this purpose? (Select THREE)

Question 15mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is configuring a compliance scanner to check Linux servers against the CIS Benchmark. The analyst wants to ensure that only foundational security configurations are enforced to avoid breaking production applications. Which TWO CIS Benchmark levels would be most appropriate for this environment? (Select TWO)

Question 16easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and notices a plugin that identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which attack vector is indicated?

Question 17mediummultiple choice
Read the full Vulnerability Management explanation →

A vulnerability management team is prioritizing remediation of several vulnerabilities. They have access to EPSS scores and the CISA KEV catalog. Which factor should they consider FIRST when deciding which vulnerability to remediate?

Question 18hardmultiple choice
Read the full Vulnerability Management explanation →

A cybersecurity analyst is configuring a vulnerability scanning policy for a mixed environment of Linux servers and Windows workstations. The analyst wants to minimize disruption to production services while ensuring comprehensive coverage. Which approach is BEST?

Question 19mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a DAST scan report for a web application. The report indicates a vulnerability where the application fails to properly validate user-supplied data before using it in a database query. This is most likely which type of vulnerability?

Question 20easymultiple choice
Read the full Vulnerability Management explanation →

Which tool is specifically designed to check Linux systems for compliance with security best practices and can be used for configuration auditing?

Question 21mediummultiple choice
Read the full Vulnerability Management explanation →

During a patch management process, a security analyst is testing a critical security patch in a staging environment. The patch is intended to fix a remote code execution vulnerability in a widely used application. What is the MOST important step before deploying to production?

Question 22hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is investigating a containerized environment. A scan using Trivy has identified a critical vulnerability in a container image. The container is running in a Kubernetes cluster with a Pod Security Policy that disallows privileged containers. Which additional concern should the analyst address?

Question 23mediummultiple choice
Read the full Vulnerability Management explanation →

A vulnerability scanner reports a finding with a CVSS v3.1 base score of 7.5 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. What does this indicate about the vulnerability?

Question 24easymultiple choice
Read the full Vulnerability Management explanation →

Which of the following is the BEST description of configuration drift?

Question 25mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using OpenSCAP to perform a compliance scan against a set of RHEL servers. The analyst wants to ensure the servers comply with the CIS Benchmark Level 1 for Red Hat Enterprise Linux. What does Level 1 typically indicate?

Question 26hardmultiple choice
Read the full Vulnerability Management explanation →

During a web application penetration test using Burp Suite, a security analyst identifies that an API endpoint accepts a URL parameter that is used to fetch data from an external resource. The application does not validate or sanitize the parameter. This is most likely vulnerable to which attack?

Question 27mediummultiple choice
Read the full Vulnerability Management explanation →

A vulnerability management team is evaluating whether to apply a patch immediately or implement a compensating control. The patch is for a vulnerability in a legacy system that cannot be taken offline during business hours. The compensating control would involve restricting network access to the system. Which decision is MOST appropriate?

Question 28mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is performing a vulnerability assessment and needs to identify potential misconfigurations in a Kubernetes cluster. Which TWO of the following are common Kubernetes misconfigurations that should be checked? (Select TWO.)

Question 29hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is reviewing the output of a vulnerability scanner that uses CVSS v3.1. The analyst wants to understand the impact metrics. Which THREE of the following are impact metrics in the CVSS v3.1 base score? (Select THREE.)

Question 30easymulti select
Read the full Vulnerability Management explanation →

A security analyst is setting up a vulnerability management program and needs to select tools for container image scanning. Which THREE of the following are commonly used container image scanning tools? (Select THREE.)

Question 31mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst reviews a Nessus scan result for a web server. The plugin output indicates a critical vulnerability with CVSS v3.1 base score 9.8. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack complexity?

Question 32mediummultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability scan, an analyst identifies a plugin that reports a vulnerability with a CVSS v3.1 base score of 7.5. The vector string includes AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Which of the following is the primary impact of this vulnerability?

Question 33easymultiple choice
Read the full Vulnerability Management explanation →

A vulnerability management team is prioritizing remediation of a list of vulnerabilities. They want to incorporate the likelihood of exploitation based on real-world exploit activity. Which of the following data sources should they use?

Question 34hardmultiple choice
Read the full Vulnerability Management explanation →

An analyst is reviewing a vulnerability scan report for a containerized application. The scan identifies a critical vulnerability in a base image used by multiple containers. The application is deployed in a Kubernetes cluster with network policies restricting ingress. The vulnerability has a CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). However, the EPSS score is 0.001 (0.1%). Which of the following should the analyst prioritize?

Question 35mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is configuring a vulnerability scan using OpenVAS. The scan should identify missing patches on Windows servers. Which of the following scan types should the analyst select?

Question 36easymultiple choice
Read the full Vulnerability Management explanation →

An organization uses CIS Benchmarks to secure its Linux servers. The security team applies Level 1 benchmarks. Which of the following best describes Level 1 CIS benchmarks?

Question 37mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a DAST scan result for a web application. The scanner reports a finding that allows an attacker to redirect users to a malicious site via a parameter in the URL. Which OWASP Top 10 category does this finding most likely belong to?

Question 38hardmultiple choice
Read the full Vulnerability Management explanation →

A vulnerability management team is evaluating a critical vulnerability in a legacy application that cannot be patched. The application is used by a small number of users internally. Which of the following is the best compensating control to reduce risk?

Question 39mediummultiple choice
Read the full Vulnerability Management explanation →

An analyst uses Trivy to scan a container image in a CI/CD pipeline. The scan identifies a vulnerability in an open-source library included in the image. The library is not used by the application code. Which of the following actions should the analyst recommend?

Question 40easymultiple choice
Read the full Vulnerability Management explanation →

Which of the following tools is specifically designed for compliance scanning against security benchmarks on Linux systems?

Question 41mediummultiple choice
Read the full Vulnerability Management explanation →

During a patch management process, a security analyst is testing a critical security patch in a staging environment. The patch causes a regression in a key business application. Which of the following should the analyst do next?

Question 42hardmultiple choice
Read the full Vulnerability Management explanation →

A cloud security analyst is reviewing a misconfiguration in an AWS S3 bucket that allows public read access. The bucket contains sensitive customer data. Which of the following CIS AWS Foundations Benchmark checks would most likely identify this issue?

Question 43mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is using Burp Suite to test a web application for vulnerabilities. Which TWO of the following are common web application vulnerabilities that can be detected using Burp Suite? (Select TWO)

Question 44hardmulti select
Read the full Vulnerability Management explanation →

A vulnerability management analyst is prioritizing vulnerabilities for remediation. The analyst has the following information for three vulnerabilities: CVE-2023-1: CVSS 9.8, EPSS 0.9, asset criticality high; CVE-2023-2: CVSS 7.5, EPSS 0.01, asset criticality low; CVE-2023-3: CVSS 5.0, EPSS 0.8, asset criticality medium. According to best practices, which THREE factors should the analyst consider when prioritizing? (Select THREE)

Question 45mediummulti select
Read the full Vulnerability Management explanation →

An organization is implementing security hardening for Kubernetes clusters. Which THREE of the following are common Kubernetes misconfigurations that should be addressed? (Select THREE)

Question 46mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and finds a critical vulnerability with a CVSS v3.1 base score of 9.8. The vector string is: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack vector and impact of this vulnerability?

Question 47easymultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability assessment, a security analyst uses a tool that identifies missing patches and misconfigurations based on CIS Benchmarks. Which of the following tools is specifically designed for compliance scanning against CIS benchmarks?

Question 48hardmultiple choice
Read the full Vulnerability Management explanation →

A security team discovers a critical vulnerability in a widely used software component. The vulnerability has a CVSS score of 9.0, but there is no known exploit or patch available yet. However, the software vendor has released a workaround. According to the vulnerability management lifecycle, which action should the team prioritize first?

Question 49mediummultiple choice
Read the full Vulnerability Management explanation →

A vulnerability scanner reports a plugin that identifies a web application vulnerability related to the failure to validate user input, allowing an attacker to inject malicious scripts that execute in other users' browsers. Which OWASP Top 10 category does this vulnerability fall under?

Question 50mediummultiple choice
Read the full Vulnerability Management explanation →

An analyst is prioritizing vulnerabilities for remediation. The vulnerability has a high CVSS score but is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog and has a low EPSS score. The affected asset is a publicly accessible web server handling sensitive customer data. Which factor should the analyst consider as most critical for prioritization?

Question 51easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is configuring a container image scanning tool to identify vulnerabilities in a Docker image before deployment. Which of the following tools is commonly used for container image scanning?

Question 52mediummultiple choice
Read the full Vulnerability Management explanation →

During a patch management process, an organization uses a staging environment to test patches before deployment. Which of the following is the primary purpose of patch testing in a staging environment?

Question 53hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan of a Kubernetes cluster. The scan reports that a container is running with privileged mode enabled. Which CIS Kubernetes Benchmark recommendation does this violation relate to?

Question 54easymultiple choice
Read the full Vulnerability Management explanation →

Which of the following vulnerability lifecycle phases involves verifying that a remediation has been successfully applied and that the vulnerability no longer exists?

Question 55mediummultiple choice
Read the full Vulnerability Management explanation →

An organization uses a DAST tool to test a web application for vulnerabilities. The tool sends specially crafted requests and analyzes responses. Which of the following vulnerabilities is a DAST tool most effective at identifying?

Question 56hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is evaluating a vulnerability with CVSS v3.1 base score: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N. Which of the following best describes the scope and impact of this vulnerability?

Question 57mediummultiple choice
Read the full Vulnerability Management explanation →

An organization is implementing configuration management and decides to use CIS Benchmarks to harden their servers. They choose Level 1 benchmarks for most servers but Level 2 for highly sensitive systems. What is the key difference between Level 1 and Level 2 CIS benchmarks?

Question 58mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is conducting a vulnerability assessment on a cloud environment and needs to select a tool to scan for misconfigurations against the CIS AWS Foundations Benchmark. Which TWO of the following tools are capable of performing compliance scanning against cloud benchmarks? (Select TWO.)

Question 59hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is reviewing the results of a web application vulnerability scan and needs to identify the vulnerabilities that are part of the OWASP Top 10 (2021) category 'Injection'. Which THREE of the following vulnerabilities fall under this category? (Select THREE.)

Question 60mediummulti select
Read the full Vulnerability Management explanation →

A vulnerability management team is prioritizing vulnerabilities for remediation. They have a list of vulnerabilities with different characteristics. According to best practices, which TWO factors should be considered when prioritizing vulnerabilities? (Select TWO.)

Question 61easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing the results of a vulnerability scan. The analyst sees a plugin output that includes the CVSS vector string AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. What is the base score of this vulnerability?

Question 62mediummultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability assessment, a security analyst discovers a critical vulnerability affecting a legacy application that cannot be patched due to vendor end-of-life status. Which of the following is the BEST next step?

Question 63hardmultiple choice
Read the full Vulnerability Management explanation →

A security team is using EPSS scores and CISA KEV catalog to prioritize vulnerabilities. Which combination of factors would indicate the HIGHEST priority for remediation?

Question 64mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and sees a finding for a web application with a CVSS v3.1 base score of 6.1. The vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Which OWASP Top 10 category does this vulnerability most likely belong to?

Question 65easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is configuring a container image scanning tool. Which of the following tools is specifically designed for container image vulnerability scanning?

Question 66mediummultiple choice
Read the full Vulnerability Management explanation →

A security team is implementing CIS Benchmarks for a Linux server. They need to choose between Level 1 and Level 2 benchmarks. Which of the following best describes Level 1 benchmarks?

Question 67hardmultiple choice
Read the full Vulnerability Management explanation →

During a web application penetration test, a security analyst uses a DAST tool and discovers that the application is vulnerable to Server-Side Request Forgery (SSRF). According to the OWASP Top 10 2021, under which category does SSRF fall?

Question 68mediummultiple choice
Read the full Vulnerability Management explanation →

A vulnerability management team has identified a critical vulnerability with a CVSS score of 9.8. The vulnerability affects a public-facing web server that handles sensitive customer data. The team decides to apply a patch immediately without going through the normal patch testing cycle. What type of patching procedure is this?

Question 69easymultiple choice
Read the full Vulnerability Management explanation →

An organization uses OpenSCAP for compliance scanning. What is the primary purpose of OpenSCAP?

Question 70mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a Kubernetes cluster configuration. Which of the following misconfigurations poses the MOST severe security risk?

Question 71hardmultiple choice
Read the full Vulnerability Management explanation →

A vulnerability scan identifies a plugin output for 'SMB Signing Disabled' on a Windows server. The CVSS v3.1 base score is 5.3 (Medium). The asset is a file server used only internally. The organization has decided not to enable SMB signing due to performance concerns. Which of the following is the BEST compensating control?

Question 72easymultiple choice
Read the full Vulnerability Management explanation →

Which vulnerability scanner is an open-source tool commonly used for network vulnerability scanning?

Question 73mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is reviewing the output of a vulnerability scan and sees a finding for a web application that uses a known vulnerable version of Apache Struts. Which TWO of the following actions should the analyst prioritize?

Question 74hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is performing a cloud security assessment for an AWS environment. Which THREE of the following configurations would be considered CIS AWS Foundations Benchmark violations?

Question 75mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is investigating a reported vulnerability in a web application. The team uses Burp Suite for DAST scanning. Which TWO of the following findings would be classified as injection vulnerabilities according to OWASP Top 10?

Question 76easymultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability scan, a security analyst identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which component of this vector indicates that the vulnerability can be exploited without any user interaction?

Question 77mediummultiple choice
Read the full Vulnerability Management explanation →

A vulnerability management analyst is reviewing scan results from a recent Nessus scan. The analyst notices a plugin with the output: 'The remote host is missing a security patch for CVE-2023-1234. The patch was released by the vendor on 2023-05-01.' Which phase of the vulnerability lifecycle is the analyst currently performing?

Question 78hardmultiple choice
Read the full Vulnerability Management explanation →

An organization uses Qualys for vulnerability scanning. After a scan, the security team identifies a vulnerability with an EPSS score of 0.95 and that appears in the CISA KEV catalog. However, the affected asset is a non-critical development server with no internet access. According to the vulnerability lifecycle, what should be the analyst's NEXT action?

Question 79mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is configuring a vulnerability scanner for a new deployment. The scanner must be able to authenticate to targets to perform deep configuration audits against CIS Benchmarks. Which type of scan should the analyst configure?

Question 80mediummultiple choice
Read the full Vulnerability Management explanation →

During a web application security assessment using OWASP ZAP, a tester identifies that the application reflects user input in HTTP responses without proper encoding. Which OWASP Top 10 vulnerability category does this finding most likely belong to?

Question 81hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing the results of a container image scan using Trivy. The scan reports a critical vulnerability in a base image layer. The development team states that the vulnerability is not exploitable because the affected library is not used in the application. According to vulnerability management best practices, what should the analyst do?

Question 82easymultiple choice
Read the full Vulnerability Management explanation →

Which of the following vulnerability scanning tools is open source and commonly used for network vulnerability assessment?

Question 83mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is prioritizing vulnerabilities for remediation. One vulnerability has a CVSS v3.1 score of 7.5, an EPSS score of 0.02, and is not in the CISA KEV catalog. Another vulnerability has a CVSS score of 5.0, an EPSS score of 0.85, and is listed in the KEV catalog. Which vulnerability should be prioritized FIRST?

Question 84hardmultiple choice
Read the full Vulnerability Management explanation →

An organization uses OpenSCAP to perform compliance scanning against STIGs for DoD environments. A scan reveals that several systems are non-compliant with STIG ID: V-XXXXX requiring 'The system must disable the guest account.' The configuration drift detection tool shows that the guest account was re-enabled after a recent patch. What is the MOST effective course of action?

Question 85mediummultiple choice
Read the full Vulnerability Management explanation →

A web application security tester uses Burp Suite to test an API endpoint. The tester sends a request with a modified HTTP method and discovers that the API accepts DELETE requests on an endpoint that should only allow GET. This is an example of which OWASP Top 10 vulnerability?

Question 86easymultiple choice
Read the full Vulnerability Management explanation →

Which metric in the CVSS v3.1 base score indicates the level of access an attacker needs to exploit a vulnerability?

Question 87mediummultiple choice
Read the full Vulnerability Management explanation →

A company uses Lynis for compliance scanning on Linux servers. During a scan, Lynis reports that the system has world-writable files in critical directories. Which CIS Benchmark recommendation does this finding relate to?

Question 88mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is evaluating a Kubernetes cluster for misconfigurations. Which TWO of the following are common Kubernetes misconfigurations that increase security risk? (Select the two best answers.)

Question 89hardmulti select
Read the full Vulnerability Management explanation →

An organization is implementing a patch management process. Which THREE of the following are essential steps that should be included before deploying patches to production systems? (Select the three best answers.)

Question 90mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is using OpenVAS to scan a network. The scan identifies several vulnerabilities. Which TWO of the following are valid components of a CVSS v3.1 base score? (Select the two correct answers.)

Question 91mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst reviews a vulnerability scan report and identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The attack vector is 'Network', attack complexity is 'Low', privileges required is 'None', user interaction is 'None', scope is 'Unchanged', and all three CIA impacts are 'High'. Which additional factor should the analyst prioritize when deciding whether to apply a patch or a compensating control?

Question 92easymultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability assessment, a security analyst uses Nessus to scan a network. Which type of scan is most appropriate to identify live hosts and open ports without causing significant disruption?

Question 93hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report that includes a plugin output with the following CVSS v3.1 vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H. Which of the following best describes the characteristics of this vulnerability?

Question 94mediummultiple choice
Read the full Vulnerability Management explanation →

A company is implementing a patch management process. Which of the following steps should be performed FIRST after a vendor releases a security patch for a critical vulnerability?

Question 95mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is configuring a compliance scan for a Linux server using CIS Benchmarks. The analyst must ensure the server meets Level 1 benchmarks. Which of the following is a characteristic of CIS Level 1 benchmarks?

Question 96hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is evaluating a containerized application for vulnerabilities. The analyst runs Trivy on the container image and finds several high-severity vulnerabilities in the base image. Which of the following is the most effective remediation strategy?

Question 97mediummultiple choice
Read the full Vulnerability Management explanation →

An organization wants to prioritize vulnerabilities based on the likelihood of exploitation. Which of the following sources provides a data-driven probability score for exploitation?

Question 98easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using a DAST tool to test a web application. Which of the following vulnerabilities would the tool most likely identify?

Question 99mediummultiple choice
Read the full Vulnerability Management explanation →

An organization uses OpenSCAP to perform compliance scanning. The scan results indicate that a system fails to meet a STIG requirement. Which of the following best describes the purpose of STIGs?

Question 100hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst discovers a critical vulnerability in a web application that allows an attacker to trigger server-side requests from the application server. Which OWASP Top 10 category does this vulnerability belong to?

Question 101easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and sees a plugin with a CVSS v3.1 base score of 7.5. The attack vector is 'Network', attack complexity is 'Low', privileges required is 'None', user interaction is 'None', scope is 'Unchanged', and the confidentiality impact is 'High', but integrity and availability impacts are 'None'. This vulnerability is best described as:

Question 102mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using a container image scanner to identify vulnerabilities in a Kubernetes deployment. Which of the following tools is specifically designed for container image scanning?

Question 103mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is conducting a vulnerability assessment of a Kubernetes cluster. Which TWO of the following are common misconfigurations that could lead to security risks? (Select TWO.)

Question 104mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is prioritizing vulnerabilities for remediation. Which THREE factors from the CISA Known Exploited Vulnerabilities (KEV) catalog should the analyst consider? (Select THREE.)

Question 105hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is performing an API vulnerability test. Which THREE of the following are common API vulnerabilities according to OWASP? (Select THREE.)

Question 106easymultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability scan, a security analyst identifies a critical vulnerability with a CVSS v3.1 base score of 9.8. The attack vector is network, attack complexity is low, privileges required are none, user interaction is none, and the impact to confidentiality, integrity, and availability is high. Which CVSS vector string represents this vulnerability?

Question 107mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing the results of a vulnerability scan and notices that several vulnerabilities have high CVSS scores but low EPSS scores. The analyst also cross-references the CISA Known Exploited Vulnerabilities (KEV) catalog and finds that none of these vulnerabilities are listed. Which approach should the analyst take when prioritizing remediation?

Question 108hardmultiple choice
Read the full Vulnerability Management explanation →

A security team is implementing a patch management process for a large enterprise. They must ensure that patches are tested before deployment to production. The team has a staging environment that mirrors production. During patch testing, they discover that a critical security patch for a database server causes a performance degradation of 30% in a key application. What should the team do next?

Question 109mediummultiple choice
Read the full Vulnerability Management explanation →

An analyst is reviewing a Nessus scan report and sees a plugin result that indicates a web application is vulnerable to SQL injection. The plugin output includes the payload used and the database error message. Which OWASP Top 10 category does this vulnerability belong to?

Question 110mediummultiple choice
Read the full Vulnerability Management explanation →

A company uses a configuration management tool to enforce CIS Benchmarks on its servers. The security team wants to apply Level 1 benchmarks to all servers to achieve a baseline security posture. Which of the following best describes the difference between CIS Level 1 and Level 2 benchmarks?

Question 111hardmultiple choice
Read the full Vulnerability Management explanation →

A security analyst is investigating a Kubernetes cluster and finds that a container is running with securityContext.privileged: true. The container also has a hostPath mount that allows writing to the host filesystem. Which of the following best describes the primary risk of this configuration?

Question 112easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using OpenVAS to perform a vulnerability scan of an internal network. The scan completes and generates a report listing several vulnerabilities. What is the next step in the vulnerability lifecycle?

Question 113mediummultiple choice
Read the full Vulnerability Management explanation →

An organization is implementing a patch management process and wants to track compliance. They deploy patches to a test group of systems before rolling out to the entire environment. After patching the test group, they run a vulnerability scan and find that 95% of the vulnerabilities are resolved. What should the organization do next?

Question 114mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a DAST report from Burp Suite for a web application. The report indicates a potential Server-Side Request Forgery (SSRF) vulnerability in a feature that fetches URLs. Which of the following is the most effective mitigation?

Question 115hardmultiple choice
Read the full Vulnerability Management explanation →

A cloud security team is using a container image scanning tool and finds a vulnerability in a base image used by many containers. The vulnerability is rated CVSS 7.5 and has a high EPSS score. However, rebuilding all containers with a patched base image will take significant time. What is the best immediate action?

Question 116mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is using Qualys to perform a vulnerability scan on a public-facing web server. The scan results show that the server is running an outdated version of Apache HTTP Server with multiple known vulnerabilities. The analyst checks the vendor security advisories and finds that a patch was released three months ago. However, the server is in a staging environment and not yet in production. What should the analyst recommend?

Question 117easymultiple choice
Read the full Vulnerability Management explanation →

Which of the following tools is specifically designed for compliance scanning against security benchmarks such as CIS and STIG?

Question 118mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is prioritizing vulnerabilities discovered during a scan. Which TWO factors should the analyst consider as part of business context to determine remediation priority? (Select TWO.)

Question 119hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is performing an API vulnerability test using OWASP ZAP. The analyst finds several issues. Which THREE of the following are common API vulnerabilities according to OWASP? (Select THREE.)

Question 120mediummulti select
Read the full Vulnerability Management explanation →

A security team is deploying a new web application and wants to ensure it follows secure configuration practices. Which THREE of the following are recommended configuration settings according to CIS benchmarks for web servers? (Select THREE.)

Question 121easymultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and sees a critical finding with a CVSS v3.1 base score of 9.8. The vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack vector component (AV:N)?

Question 122mediummultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability assessment, a security analyst discovers a web application that is vulnerable to SQL injection. The application is a legacy system that cannot be easily patched. The analyst recommends implementing a web application firewall (WAF) rule to block malicious SQL patterns. Which type of control does this represent?

Question 123hardmultiple choice
Read the full Vulnerability Management explanation →

A security team uses the Common Vulnerability Scoring System (CVSS) v3.1 to prioritize vulnerabilities. They find a vulnerability with a base score of 7.5 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. However, the asset is a public-facing web server with no backups. The team also checks the Exploit Prediction Scoring System (EPSS) and sees a score of 0.95 (95% probability of exploitation in the next 30 days). Which action should the team take first based on prioritizing by risk?

Question 124mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is configuring a container scanning tool to identify vulnerabilities in Docker images before deployment. Which of the following tools is specifically designed for container image vulnerability scanning?

Question 125easymultiple choice
Read the full Vulnerability Management explanation →

Which of the following best describes the purpose of the CISA Known Exploited Vulnerabilities (KEV) catalog in vulnerability management?

Question 126mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and notices that a plugin output indicates a potential misconfiguration in a web server that allows directory listing. The analyst wants to verify this finding manually. Which of the following tools would be most appropriate to confirm the vulnerability?

Question 127hardmultiple choice
Read the full Vulnerability Management explanation →

During a vulnerability assessment of a Kubernetes cluster, a security analyst finds that a container is running with privileged mode enabled and has a hostPath mount that grants write access to the host's /var/log directory. Which of the following is the most significant security risk associated with this configuration?

Question 128mediummultiple choice
Read the full Vulnerability Management explanation →

An organization is implementing a patch management process for servers. Which of the following is a crucial step that should be performed before deploying patches to production servers?

Question 129mediummulti select
Read the full Vulnerability Management explanation →

A cybersecurity analyst is reviewing the configuration of a Linux server against CIS Benchmarks. The analyst notices that several settings deviate from the recommended baseline. Which TWO of the following are most likely to be considered Level 1 CIS Benchmark recommendations?

Question 130hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is conducting a dynamic application security testing (DAST) scan of a REST API. The scanner reports a potential Server-Side Request Forgery (SSRF) vulnerability. The analyst needs to confirm the finding manually. Which TWO of the following techniques are most appropriate for validating SSRF?

Question 131easymulti select
Read the full Vulnerability Management explanation →

A security analyst is using a vulnerability scanner to identify missing patches on Windows servers. The scanner uses plugins that reference Common Vulnerabilities and Exposures (CVE) identifiers. Which THREE of the following are components of a CVSS v3.1 base score vector?

Question 132mediummulti select
Read the full Vulnerability Management explanation →

A company uses a patch management tool to track compliance across its server fleet. The security team needs to prioritize vulnerabilities for patching. Which THREE factors should be considered when prioritizing?

Question 133hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is reviewing a compliance scan report for a DoD environment that uses Security Technical Implementation Guides (STIGs). The report indicates several failures. Which TWO of the following are likely STIG requirements for a Windows 10 system?

Question 134easymulti select
Read the full Vulnerability Management explanation →

A security analyst is selecting tools for vulnerability management. Which THREE of the following are vulnerability scanning tools?

Question 135mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is performing a web application security assessment and identifies a potential cross-site scripting (XSS) vulnerability. The application is critical to business operations. Which TWO of the following are appropriate immediate actions?

Question 136mediummultiple choice
Read the full Vulnerability Management explanation →

A security analyst is reviewing a vulnerability scan report and notices a critical vulnerability with a CVSS v3.1 base score of 9.8. The vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Which of the following best describes the attack vector and the scope impact?

Question 137mediummulti select
Read the full Vulnerability Management explanation →

A security analyst is prioritizing vulnerabilities for remediation. The analyst has identified several vulnerabilities with CVSS scores, but wants to incorporate additional context to ensure the most critical vulnerabilities are addressed first. Which TWO factors should the analyst consider beyond the CVSS base score? (Choose two.)

Question 138easymultiple choice
Read the full Vulnerability Management explanation →

An organization is implementing a patch management process. Which of the following is the BEST practice before deploying patches to production systems?

Question 139hardmulti select
Read the full Vulnerability Management explanation →

A security analyst is reviewing a containerized application for vulnerabilities. The analyst uses a container image scanner and identifies several issues. Which THREE of the following are common container and Kubernetes misconfigurations that the analyst should prioritize? (Choose three.)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CS0-003 Practice Test 1 — 25 Questions→CS0-003 Practice Test 2 — 25 Questions→CS0-003 Practice Test 3 — 25 Questions→CS0-003 Practice Test 4 — 25 Questions→CS0-003 Practice Test 5 — 25 Questions→CS0-003 Practice Exam 1 — 20 Questions→CS0-003 Practice Exam 2 — 20 Questions→CS0-003 Practice Exam 3 — 20 Questions→CS0-003 Practice Exam 4 — 20 Questions→Free CS0-003 Practice Test 1 — 30 Questions→Free CS0-003 Practice Test 2 — 30 Questions→Free CS0-003 Practice Test 3 — 30 Questions→CS0-003 Practice Questions 1 — 50 Questions→CS0-003 Practice Questions 2 — 50 Questions→CS0-003 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Security OperationsVulnerability ManagementIncident Response and ManagementReporting and Communication

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Vulnerability Management setsAll Vulnerability Management questionsCS0-003 Practice Hub