Question 4 - CompTIA (CYSA+) Analyst+ CS0-003 Real Exam Questions [March 2026 Update]

Q: 4

A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?

Options

Discussion

Logan U. Mar 1, 2026 7:07 pm

C . Network attack vector is always top priority since anyone can hit it remotely. Correct me if I'm missing something.

Emma G. Feb 12, 2026 10:45 pm

Not C, B. AV:A can be a problem if your network has lots of adjacent segments, kinda tricky sometimes.

CuriousTester6800 Mar 1, 2026 4:26 pm

Option C makes sense to hit first since AV:N means remote exploit from anywhere, way more exposure than adjacent (B). I think that's standard triage for network vulnerabilities. Not 100% but C looks most critical.

Rowan M. Feb 26, 2026 7:09 pm

Option B AV:A (adjacent network) still could be higher risk if VLAN hopping is in play.

Parker Feb 21, 2026 4:23 am

B , saw a similar one on a practice test.

Mason C. Feb 22, 2026 5:14 pm

B tbh

Chris Feb 20, 2026 4:15 am

B . AV:A means adjacent network, so it's riskier than local vectors (like D). Pretty sure C is more urgent but I sometimes mix up AV syntax, so let me know if I'm off.

Rowan Feb 24, 2026 6:03 pm

Yeah, I agree with C here.

Nina Feb 15, 2026 2:01 pm

C imo, network vector (AV:N) is riskier since attackers can reach it from anywhere without local or physical access. Unless there's something unique about your environment, I'd always prioritize network-exploitable vulns first. Disagree if you see a niche case.

GraceB Feb 15, 2026 2:38 am

My pick: it's C, saw a similar question on a practice test and network vector (AV:N) always comes first.

Be respectful. No spam.

Correct Answer:

Explanation

The primary differentiator for prioritization among the given options is the Attack Vector (AV) metric within the CVSSv3 string. The AV:N (Network) vector indicates that the vulnerability is exploitable remotely from the internet. This represents the broadest attack surface and the highest immediate risk, as an attacker requires no prior access to the local or adjacent network. When other metrics like Attack Complexity (AC:L), Privileges Required (PR:L), and Impact (C:H/I:H/A:H) are identical, the vulnerability that can be exploited from anywhere on the network should always be remediated first.

Why Incorrect

A. AV:P (Physical) requires physical access to the target system, representing the lowest level of risk and therefore the lowest priority for remediation.

B. AV:A (Adjacent) requires the attacker to be on the same local network, which is a more limited attack surface than a network-exploitable vulnerability.

D. AV:L (Local) requires the attacker to have existing access to the system, making it a lower priority than a remotely exploitable vulnerability.

References

1. FIRST.org

Inc. (2019). Common Vulnerability Scoring System v3.1: Specification Document. Section 2.1.1

Attack Vector (AV). The document states

"The Base Score is highest for a vulnerability that can be exploited remotely (AV:N)... This is because the attacker does not require any local or physical access to the vulnerable component." This directly supports prioritizing AV:N.

2. Mell

& Scarfone

K. (2005). The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems (NISTIR 7435). National Institute of Standards and Technology. Section 3.1

"Base Metrics

" discusses how the Attack Vector metric captures the context by which vulnerability exploitation is possible

with Network being the most critical.

3. Purdue University. CS 42600: Computer Security

Lecture 18 - Vulnerabilities. Course materials discuss vulnerability analysis and CVSS. The lectures emphasize that the Attack Vector is a critical component for prioritization

with network-based vectors (AV:N) posing a significantly higher risk than local

adjacent

or physical vectors due to the vast number of potential remote attackers.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE