CompTIA CASP+ (CAS-003) — Question 115

A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to secure the organization's systems. The CISO knows improvements can be made to the guides.
Which of the following would be the BEST source of reference during the revision process?

Answer options

• A. CVE database
• B. Internal security assessment reports
• C. Industry-accepted standards
• D. External vulnerability scan reports
• E. Vendor-specific implementation guides

Correct answer: A

Explanation

The CVE database is the most comprehensive and authoritative source for documenting known vulnerabilities, making it essential for identifying security issues that need addressing in the configuration and hardening guides. While internal reports, industry standards, external scans, and vendor guides are useful, they may not provide the most current and complete information regarding vulnerabilities.