TimSaysICan Training - CySA+ PBQ

CySA+ PBQ: Vulnerability Remediation

Prioritize remediation by CVSS score, environment, and mitigation fit.

Scenario

A vulnerability report lists several findings. The policy requires vulnerabilities above CVSS 9.0 to be patched within 7 days, above 7.9 to be patched within 14 days for production, and above 5.0 to be patched within 30 days for production.

Your task: Review the evidence and select the best analyst response for each field.

| Evidence | Details |
| --- | --- |
| 192.168.76.5 | Microsoft IIS unsupported software, CVSS 9.2, DEV |
| 192.168.76.6 | Sensitive cookie without Secure attribute, CVSS 7.4, DEV |
| Policy question | Select a server to patch within 14 calendar days |
| Mitigation target | Unsupported IIS software |

Analyst Decisions

Instructor Answer