SY0-701 · topic practice
Vulnerability Management practice questions
Use this page to practise SY0-701 Vulnerability Management practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
What the exam tests
What to know about Vulnerability Management
Vulnerability Management questions test whether you can apply the concept in context, not just recognise a definition.
- How the topic appears in realistic exam-style scenarios.
- Which detail in the question changes the correct answer.
- How to eliminate plausible but wrong options.
- How to connect the question back to the wider exam objective.
Practice set
Vulnerability Management questions
20 questions · select your answer, then reveal the explanation
A critical vulnerability is discovered on an internet-facing VPN appliance that cannot be patched for six weeks because the vendor has not released a fix. The VPN service must remain available. What is the best operational response?
A hospital's claims portal has two open risks. Risk A is an internet-facing login page with a low-severity software flaw, but monitoring shows a steady increase in automated login attempts. Risk B is an internal file share with a medium-severity patch gap, but only a small admin group can access it and no exploitation is observed. Leadership can fund only one remediation this month. Which risk should be prioritized first?
A Linux host is patched, but the scanner still flags the package as vulnerable. The vendor advisory says the distribution backported the fix, so the package version did not change. What should the analyst do before closing the ticket?
A monthly scan finds a critical remote-code-execution issue on an internet-facing VPN appliance. The vendor has released a fix, but the appliance can only be rebooted during the weekend maintenance window in five days. What is the BEST immediate action to lower risk until patching can occur?
A monthly scan finds a critical remote-code-execution vulnerability on an internet-facing VPN appliance. The vendor has not released a patch for six weeks, but the service must stay online. Which short-term action is the best risk treatment?
A public-facing file transfer server is running an appliance firmware version that is now end-of-life. The vendor has stated that no further security patches will be released. Management wants the best long-term fix before the next audit. What should be done?
A scan keeps reporting the same medium-severity TLS configuration issue on a public web server. The application owner says the vendor software cannot be changed until next quarter, but they can place the service behind a reverse proxy that enforces stronger cipher settings. How should the issue be handled in the vulnerability management process?
A scanner reports a critical vulnerability on an internal Linux server. The administrator confirms the vulnerable package is installed, but the affected feature is only enabled when an optional module is loaded, and that module is currently disabled. The server also requires downtime for patching. What is the best next step?
A security analyst is reviewing the session management implementation of a web application. The application generates session tokens by computing the MD5 hash of the concatenation of the username and the current server timestamp rounded to the nearest hour. An attacker has obtained a valid session token for her own account and discovers that she can forge tokens for other users by simply substituting the username in the hash calculation with a known target username. Which type of attack is the web application most vulnerable to?
A security manager is leading a risk assessment for the organization. The team identifies a legacy application that contains a known critical vulnerability. The vendor has discontinued support and no patch is available. The manager calculates that the annualized loss expectancy (ALE) for exploiting this vulnerability is $50,000. Implementing a third-party web application firewall (WAF) as a compensating control would cost $80,000 per year. The organization's leadership decides that accepting the risk is the most cost-effective approach. Which of the following documents should the security manager update to formally record this risk acceptance decision and obtain the necessary sign-off?
A security scan finds a critical patch missing on a public-facing web server. The patch has already been tested in the lab and approved for deployment. What should the operations team do next?
A small internal reporting server has a low-severity vulnerability. Fixing it now would require several hours of downtime, while the business impact of exploitation is considered low. What is the BEST risk treatment for this situation?
A vendor-supported application cannot be patched for 30 days, but the business must keep it online. What is the best short-term risk treatment?
A vulnerability dashboard shows four new findings. Which one should be remediated first by the operations team?
- A low-severity issue on an offline lab VM
- A medium-severity issue on a payroll server with no known exploit
- A critical issue on an internet-facing web server with an available exploit
- A high-severity issue on a test workstation that is not domain joined
A vulnerability scan finds a critical flaw on a public-facing server and a medium flaw on a lab system that is not connected to the production network. Which issue should be fixed first?
A vulnerability scan finds an administrative SSH service listening on 0.0.0.0 on a server that should be managed only from the internal network. What is the main security issue?
A vulnerability scan finds that an administrative SSH service on a Linux server is listening on 0.0.0.0 and is reachable from the internet. The server is meant to be managed only from the internal admin subnet. What is the best remediation?
A vulnerability scan of a branch-office print server finds that its administrative web console is reachable from the internet. The appliance is still using the vendor's default password, and no access control list limits management access to the office subnet or VPN. Which remediation would reduce risk the most with the least disruption?
A vulnerability scan of a Linux application server reports these findings: OpenSSL 3.0.7 is flagged with a critical CVE, but the distribution vendor note says the fix was backported. Port 8443 is bound to all interfaces, yet a firewall blocks it from the internet. The internal admin console on that port still uses the default admin/admin credentials and is reachable from the corporate VLAN. Which issue should be remediated first?
Watch out for
Common Vulnerability Management exam traps
- Answering from memory before reading the full scenario.
- Missing a constraint such as cost, availability, security, scope or command context.
- Choosing a broad answer when the question asks for the most specific fix.
- Ignoring why the wrong options are tempting.
Focused Vulnerability Management sessions
Start a Vulnerability Management only practice session
Every question in these sessions is drawn from the Vulnerability Management domain — nothing else.
Related practice questions
Related SY0-701 topic practice pages
Move into related areas when this topic feels solid.
- Security+ social engineering questions
- Security+ cryptography practice questions
- Security+ IAM questions
- Security+ risk management questions
- Security+ incident response questions
- Security+ malware questions
- Security+ vulnerability management questions
- Security+ security operations questions
- Security+ zero trust questions
- Security+ authentication factors questions
Frequently asked questions
- What does the SY0-701 exam test about Vulnerability Management?
  Vulnerability Management questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
  Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Vulnerability Management questions in a focused session?
  Yes — the session launcher on this page draws every question from the Vulnerability Management domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other SY0-701 topics?
  Use the topic links above to move to related areas, or go back to the SY0-701 question bank to see all topics.
- Are these real exam questions or dumps?
  These are original practice questions written to test the same concepts the SY0-701 exam covers. They are not copied from any real exam or dump site.