CompTIA CySA+ CS0-003 CompTIA Study Notes

The first action that should be completed to remediate the findings is to perform proper sanitization on all fields. Sanitization is a process that involves validating, filtering, or encoding any user input or data before processing or storing it on a system or application. Sanitization can help prevent various types of attacks, such as cross-site scripting (XSS), SQL injection, or command injection, that exploit unsanitized input or data to execute malicious scripts, commands, or queries on a system or application. Performing proper sanitization on all fields can help address the most critical and common vulnerability found during the vulnerability assessment, which is XSS.

The issue is that laptops are often off-network (traveling), causing inaccurate network-scan metrics and slower detection. The best way to reduce MTTD (mean time to detect vulnerabilities) for roaming endpoints is agent-based scanning, because agents run continuously on endpoints and can still scan/report results even when devices are not connected to the corporate network.

Exact extract (All-in-One Exam Guide):

“Because the agents run continuously on each host, mobile devices can still be scanned even when they are not connected to the corporate network.”

It further emphasizes suitability for mobile devices:

Exact extract (All-in-One Exam Guide):

“agent-based (or serverless) vulnerability scans are typically better for scanning mobile devices.”

And Sybex Practice Tests directly supports this scenario (traveling sales laptops) by selecting agent-based scanning as best for accurate config visibility on traveling laptops:

Exact extract (Sybex Practice Tests):

“…most accurate view of configuration issues on laptops belonging to traveling salespeople. Which technology will work best…? A. Agent-based scanning”

Why the other options don’t solve the “traveling laptops” problem:

B (credentialed scans): improves depth/accuracy when the device is reachable, but does nothing when laptops are offline/not on the network.

C (more frequent network scans): still misses devices that aren’t connected.

D (increase runtime): waiting longer doesn’t reduce MTTD; it just delays reporting and still won’t scan an off-network device.

References (CompTIA CySA+ CS0-003 documents / study guides used):

Mya Heath et al., CompTIA CySA+ All-in-One Exam Guide (CS0-003): agents scan continuously; mobile devices can be scanned off-network; agent-based better for mobile devices

Chapple/Seidl, CompTIA CySA+ Practice Tests (CS0-003): agent-based scanning best for traveling laptop scanning accuracy

Compensating controls are the best approach to minimize the risk of the outdated servers being compromised, as they can provide an alternative or additional layer of security when the primary control is not feasible or effective. Compensating controls are security measures that are implemented to mitigate the risk of a vulnerability or an attack when the primary control is not feasible or effective. For example, if the servers are running outdated operating systems and cannot be patched, a compensating control could be to isolate them from the rest of the network, or to implement a firewall or an intrusion prevention system to monitor and block any malicious traffic to or from the servers. Compensating controls can help reduce the likelihood or impact of an exploit, but they do not eliminate the risk completely. Therefore, the security analyst should also consider upgrading or replacing the outdated servers as soon as possible.

Command and control (C2) is a phase of the Cyber Kill Chain that involves the adversary attempting to establish communication with a successfully exploited target. C2 enables the adversary to remotely control or manipulate the target system or network using various methods, such as malware callbacks, backdoors, botnets, or covert channels. C2 allows the adversary to maintain persistence, exfiltrate data, execute commands, deliver payloads, or spread to other systems or networks.