CompTIA CySA+ Practice Test

If an organization faces a critical vulnerability in its operating systems, what should the security team do to identify affected servers?

• A. Conduct an OS fingerprinting scan
• B. Manually review server documentation
• C. Disable firewalls temporarily
• D. Conduct service discovery scans only

The correct answer is: Conduct an OS fingerprinting scan

Conducting an OS fingerprinting scan is a highly effective method for identifying affected servers in the context of a critical vulnerability in operating systems. OS fingerprinting allows the security team to determine the specific operating systems running on various devices within the network. This is crucial because vulnerabilities can vary significantly between different operating systems and versions, thereby necessitating a targeted response. With OS fingerprinting, the security team can gather detailed information about the operating systems in use across the organization's servers quickly and efficiently. This enables them to prioritize patching or remediation efforts based on the specific risks associated with each OS variant. Furthermore, fingerprinting can help identify unregistered or unknown devices that might not be documented elsewhere, ensuring comprehensive coverage. In contrast, manually reviewing server documentation can be time-consuming and prone to human error, especially in dynamic environments where server configurations may change frequently. Disabling firewalls temporarily increases risk and may expose systems to threats during the vulnerability identification process. Focusing solely on service discovery scans may overlook crucial details about the operating system itself, limiting the effectiveness of vulnerability management efforts. Therefore, OS fingerprinting stands out as the most proactive and precise approach for effectively identifying the scope of the vulnerability challenge.