# CS0-003 — Question 426

**Type:** multiple_choice
**Topics:** topic_1

## Question

A company receives a penetration test report summary from a third party. The report summary indicates a proxy has some patches that need to be applied. The proxy is sitting in a rack and is not being used, as the company has replaced it with a new one. The CVE score of the vulnerability on the proxy is a 9.8. Which of the following best practices should the company follow with this proxy?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: B
Correct
Since the proxy is not in use and has a critical vulnerability with a high CVSS score, the best course of action is to decommission the proxy. 
Patching the proxy might be an option if it were actively being used and could not be replaced, but since a new proxy is already in place, decommissioning is the most appropriate action.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/comptia/CS0-003/426  
Practice (tracked): https://hiexam.net/study/CS0-003/practice