Which of the following would be the MOST efficient way to avoid similar audit findings in the future?

A recent audit included a vulnerability scan that found critical patches released 60 days prior were not applied to servers in the environment. The infrastructure team was able to isolate the issue and determined it was due to a service being disabled on the server running the automated patch management application.
Which of the following would be the MOST efficient way to avoid similar audit findings in the future?
A. Implement a manual patch management application package to regain greater control over the process.
B. Create a patch management policy that requires all servers to be patched within 30 days of patch release.
C. Implement service monitoring to validate that tools are functioning properly.
D. Set services on the patch management server to automatically run on start-up.

CS0-002: CompTIA CySA+ Exam


One thought on “Which of the following would be the MOST efficient way to avoid similar audit findings in the future?”

  1. I believe D is incorrect. The question stated that a service was “disabled,” not “stopped.” Services with a status of “disabled” are typically manually and deliberately set that way so it’s quite possible there was malicious activity involved. With an application as important as patch management, you’d expect it to already be set to run automatically on start-up.

    Instead, the correct answer should be C, implement service monitoring. The most notable app that comes to mind is Nagios. Here is something from the Nagios website:

    “Nagios provides complete monitoring of Microsoft Windows services. Nagios is capable of monitoring the state of any Windows service (IIS, Exchange, DHCP, etc) and alerting you when the service is stopped or crashed.”
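
An added example, not part of the original comment and not Nagios's own code: a PowerShell check that returns Nagios plugin exit codes and reports a Disabled start type separately from a Stopped status, the distinction the comment above draws. The service name `ExamplePatchAgent` is a placeholder, since the page does not name the patch management service.

```powershell
# Nagios-style service check: separates "Disabled" (a configuration change)
# from "Stopped" (a runtime state).
# Plugin exit codes: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.
param(
    # Placeholder name: the page does not identify the patch management service.
    [string]$ServiceName = 'ExamplePatchAgent'
)

function Get-ServiceCheckResult {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Status,     # e.g. Running, Stopped
        [Parameter(Mandatory)][string]$StartType   # e.g. Automatic, Manual, Disabled
    )
    if ($StartType -eq 'Disabled') {
        # A disabled service was set that way by a person or a process, so flag
        # it distinctly instead of folding it into "not running".
        return [pscustomobject]@{ Code = 2
            Message = "CRITICAL - $Name is DISABLED (status: $Status); review who changed the start type" }
    }
    if ($Status -ne 'Running') {
        return [pscustomobject]@{ Code = 2
            Message = "CRITICAL - $Name is $Status (start type: $StartType)" }
    }
    if ($StartType -notlike 'Automatic*') {
        # Running now, but it will not come back by itself after a reboot.
        return [pscustomobject]@{ Code = 1
            Message = "WARNING - $Name is running but start type is $StartType" }
    }
    return [pscustomobject]@{ Code = 0
        Message = "OK - $Name is running and set to start automatically" }
}

try {
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    $result = Get-ServiceCheckResult -Name $svc.Name -Status $svc.Status -StartType $svc.StartType
} catch {
    # Service missing or not queryable: report UNKNOWN instead of a false OK.
    $result = [pscustomobject]@{ Code = 3
        Message = "UNKNOWN - cannot query '$ServiceName': $($_.Exception.Message)" }
}

Write-Output $result.Message
exit $result.Code
```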
