Domain 1 – Vulnerabilities

A company recently migrated its sensitive data to a cloud-based platform. The IT team is concerned about potential vulnerabilities. What should be their primary focus to mitigate cloud-based vulnerabilities?

An organization realizes that a critical system has unsecured root accounts. What is the potential risk associated with unsecured root accounts?

A company is considering outsourcing its software development to a third-party vendor. What aspect should be a significant concern when it comes to third-party risks?

An organization is using outdated firmware on its critical systems. What is the primary risk associated with outdated firmware?

A company is experiencing a data breach, and investigation reveals that a zero-day vulnerability was exploited. What does 'zero-day vulnerability' mean in this context?

An organization's web server suffered a breach due to improper patch management. What could have been a consequence of this failure?

A company has numerous legacy systems still in use. What is a potential risk associated with legacy systems?

An organization experiences a significant financial loss following a cyber attack. What could have contributed to this financial impact?

A data breach occurs, and customer information is stolen. What is a potential consequence of this data breach?

An organization realizes that it has open ports and services on its critical systems. What is the primary risk associated with open ports and services?