Introduction
This chapter covers the third objective of Domain 4.0 Security Operations of the CompTIA Security+ 701 exam.
In this chapter, we will review vulnerability identification methods, including application security, and consider sources of information such as threat feeds, Open Source Intelligence (OSINT), penetration testing (pen testing), and bug bounties. We will then look at how this data is scored and classified, using the Common Vulnerability Scoring System (CVSS) and vulnerability classification, respectively. We will finish the chapter with an exploration of vulnerability remediation and the creation of a management report.
This chapter will give you an overview of why an effective vulnerability management program is vital. This will enable you to answer all exam questions related to these concepts in your certification exam.
Note
A full breakdown of Exam Objective 4.3 will be provided at the end of the chapter.