Vulnerability Management — CompTIA CySA+ (CS0-003) Practice Questions
Vulnerability management is the structured process of discovering, prioritizing, and tracking security weaknesses across an organization's systems and applications. The CySA+ exam covers the full cycle, including credentialed and uncredentialed scanning, CVSS scoring, risk-based prioritization, and exception handling. Candidates must understand how to interpret scanner output, correlate findings with asset criticality, and communicate remediation timelines to system owners. Effective vulnerability management reduces the attack surface an adversary can exploit and supports compliance with frameworks such as PCI DSS and NIST.
Free questions on vulnerability management
An analyst reviewing vulnerability scan results notices that the same vulnerabilities appear across multiple scans over 6 months with no change in status. What does this indicate?
Free question · medium · full answer + explanation
During a vulnerability assessment, a security analyst discovers that a legacy application is running on port 8080 with a known critical CVE that has no patch available. What should be the analyst's FIRST course of action?
Free question · medium · full answer + explanation
Which metric BEST indicates whether a vulnerability management program is effective over a 12-month period?
Free question · medium · full answer + explanation
More vulnerability management questions in the full bank
- Which vulnerability management practice ensures that patches are effective and systems remain secure?
- A vulnerability scan identifies that administrative credentials for a critical system are stored in a configuration file with world-readable permissions. What severity rating is appropriate?
- What is the GREATEST risk of using outdated vulnerability databases for scanning and analysis?