Question 2 - COMPTIA Cloud+ CV0-004 Real Exam Questions [March 2026 Update]

Q: 2

Two CVEs are discovered on servers in the company's public cloud virtual network. The CVEs are listed as having an attack vector value of network and CVSS score of 9.0. Which of the following actions would be the best way to mitigate the vulnerabilities?

Options

Discussion

Olivia Mar 3, 2026 4:37 pm

A not D, since patching actually removes the vulnerability rather than just blocking a port. Seen this on practice sets.

Liam F. Feb 22, 2026 11:28 pm

For me, A, but I'd review official CompTIA guide on patch management for confirmation.

Reese R. Feb 22, 2026 7:12 pm

Its A

LoganE Feb 21, 2026 10:02 am

A saw a similar question in practice and patching is always the main fix for CVEs like this.

Leo M. Feb 15, 2026 11:45 pm

BenP Mar 3, 2026 1:42 am

D or A. I picked D because closing unnecessary open ports can block network-based exploits, especially when patching right away isn't an option. Might not fully remediate, though, since the underlying CVE is still there. Anyone else thinking D makes sense for quick mitigation?

Ryan T. Feb 21, 2026 2:09 am

A tbh, but I'd double-check exam practice and CompTIA docs for this scenario.

Nathan F. Feb 27, 2026 7:38 am

A is wrong, patching only works if vendor released a fix already. B.

LaylaB Mar 5, 2026 3:04 am

Patching (A) is the most solid approach here since it actually fixes the core vulnerability tied to the CVE. Disabling ports (D) helps limit attack surface but doesn't resolve the flaw itself, especially with a CVSS 9.0 and network vector. I think patching is always top priority for this scenario, unless there's some reason patching isn't possible right away-agree?

Drew Feb 18, 2026 10:28 pm

Be respectful. No spam.

Correct Answer:

Explanation

A Common Vulnerability and Exposure (CVE) identifies a specific, known software flaw. The standard and most direct method to remediate such a vulnerability is to apply the security patch released by the vendor. Given the critical CVSS score of 9.0 and a network attack vector, the vulnerability is remotely exploitable and poses a significant risk. Patching the operating systems directly addresses and eliminates the underlying security flaw, which is the most effective and appropriate mitigation strategy. This action is a fundamental component of vulnerability management and security hygiene.

Why Incorrect

Upgrading to beta software is not a recommended security practice for production systems as it is untested and likely contains its own bugs and vulnerabilities.

Encrypting operating system disks protects data at rest but offers no protection against a network-based attack that exploits a vulnerability in the running OS.

Disabling ports is a hardening measure but does not fix the vulnerability itself and may not be feasible if the flaw exists on a necessary, business-critical service.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-40r4 (Draft)

Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology. Section 2.1

"The Importance of Patch Management

" states

"Patch management is the process of identifying

acquiring

installing

and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware." This establishes patching as the direct corrective action for vulnerabilities.

2. AWS Well-Architected Framework

Security Pillar (July 2023). Page 49

under "Vulnerability Management

" recommends

"Perform vulnerability scans and patching in a timely manner to reduce the attack surface... Automate patching to operating systems and applications to reduce the window of opportunity for an attacker." This highlights patching as a primary security control in a public cloud environment.

3. FIRST.org

Common Vulnerability Scoring System v3.1: Specification Document. Section 2.1

"Attack Vector (AV)

" defines the "Network" value

confirming the remote exploitability. Section 4

"Qualitative Severity Rating Scale

" categorizes a CVSS Base Score of 9.0-10.0 as "Critical

" underscoring the urgency for remediation.

4. Microsoft Azure Documentation

Remediate findings from Microsoft Defender for Endpoint. The documentation outlines the process for handling discovered vulnerabilities

stating

"After you've identified the devices at risk

you can remediate them with a security recommendation." These recommendations consistently prioritize applying vendor-supplied security updates (patches).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE