A security analyst is prioritizing vulnerability scan results using a risk-based approach. Which of the following is the most efficient resource for the analyst to use?
TheCommon Vulnerability Scoring System (CVSS)is astandardized framework for assessing the severity of vulnerabilities. It provides a numerical score (0-10) based on factors such asexploitability, impact, and complexity, helping security analystsprioritize remediation efforts based on risk.
Business impact analysis (A)helps identifycritical business functionsbut does not specificallyprioritize vulnerabilities.
Risk register (C)tracks identified risks but does not classify vulnerabilities.
Exposure factor (D)is used inquantitative risk assessmentbut is not an industry standard for vulnerability prioritization.
[Reference:CompTIA Security+ SY0-701 Official Study Guide, Risk Management domain., , , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit