CompTIA Security+ · SY0-701

Objective 4.3: Explain various activities associated with vulnerability management

Practice questions for Security+ objective 4.3, Explain various activities associated with vulnerability management.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.

This objective sits in Domain 4.0: Security Operations, which is about 28% of the exam — so mastering it moves your readiness score meaningfully.

1.A security analyst runs an authenticated vulnerability scan against a production web application server and receives a report showing 14 critical findings. Before escalating to the remediation team, the analyst cross-references the findings against the organization's asset inventory and confirms the server is running a hardened OS image with several services disabled that the scanner assumed were present. Three of the 14 critical findings relate to services that are not actually installed. What term describes these three findings, and what is the analyst's correct next action?

2.Which CVSS metric reflects how much of the affected system an attacker can control if the vulnerability is successfully exploited?

3.A security analyst is investigating an alert that fired when a known malicious IP address appeared as a destination in network traffic logs. The analyst needs to determine whether the connection was initiated by a user browsing to a malicious site, by malware running on the endpoint beaconing to a C2 server, or by an automated process such as a scheduled task or service. Which data source most directly distinguishes between these three scenarios at the endpoint level?

4.An analyst is investigating a suspected compromise of a Windows workstation. A threat intelligence report indicates the suspected malware family achieves persistence by modifying scheduled tasks and communicates with its C2 server using HTTPS over port 443 to blend with normal web traffic. The analyst needs to determine whether the malware is present and actively running on the workstation. Which combination of data sources most directly addresses both the persistence mechanism and the active C2 communication?

5.A company wants to understand whether a newly disclosed vulnerability in a third-party library is present in its production applications. Which approach MOST efficiently identifies affected systems?

Practice every objective, adaptively

CertBench tracks your score on 4.3 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.

Take the free diagnostic

More objectives in Domain 4.0

← All Security+ practice questions