A vulnerability dashboard shows four new findings. Which one should be remediated first by the operations team?
- A low-severity issue on an offline lab VM - A medium-severity issue on a payroll server with no known exploit - A critical issue on an internet-facing web server with an available exploit - A high-severity issue on a test workstation that is not domain joined
Answer choices
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
The low-severity issue on the offline lab VM.
It has the lowest business exposure and the least immediate likelihood of exploitation.
The medium-severity issue on the payroll server with no known exploit.
The asset is important, but the absence of an exploit lowers urgency compared with exposed critical flaws.
The critical issue on the internet-facing web server with an available exploit.
This combines high severity, public exposure, and active exploitability, making it the highest-priority risk.
The high-severity issue on the test workstation that is not domain joined.
It is less exposed and less business-critical than the internet-facing production server.
Common exam trap
Many certification questions include familiar terms but test a specific constraint. Read the exact wording before choosing an answer that is generally true but wrong for this case.
Technical deep dive
This question should be treated as a scenario, not a definition check. Identify the problem, the constraint and the best action. Then compare each option against those facts.
Related practice questions
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Practise SY0-701 questions linked to Security+ social engineering questions.
Practise SY0-701 questions linked to Security+ cryptography.
Practise SY0-701 questions linked to Security+ IAM questions.
Practise SY0-701 questions linked to Security+ risk management questions.
Practise SY0-701 questions linked to Security+ incident response questions.
Practise SY0-701 questions linked to Security+ malware questions.
Practise SY0-701 questions linked to Security+ vulnerability management questions.
Practise SY0-701 questions linked to Security+ security operations questions.
Practise SY0-701 questions linked to Security+ zero trust questions.
Practise SY0-701 questions linked to Security+ authentication factors questions.
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
FAQ
Read the scenario before looking for a memorised answer.
The correct answer is: The critical issue on the internet-facing web server with an available exploit. — The internet-facing web server with a critical vulnerability and an available exploit should be remediated first. Vulnerability management is not based on severity alone; exposure, exploitability, and business impact all matter. A public-facing system with known exploit code presents a much higher immediate risk than isolated or test systems. Prioritizing that finding most effectively reduces the chance of compromise. Why others are wrong: The offline lab VM has minimal exposure. The payroll server matters, but without a known exploit its immediate risk is lower. The test workstation is not domain joined and is less consequential than a critical production service exposed to the internet. The most urgent item is the one attackers can realistically reach and exploit now.
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.
Sign in to join the discussion.