CompTIA CASP+ (CAS-004) — Question 601

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?

Answer options

• A. Business Impact rating
• B. CVE dates
• C. CVSS scores
• D. OVAL

Correct answer: C

Explanation

The CVSS scores provide a standardized way to assess the severity of vulnerabilities, allowing the analyst to quickly prioritize which issues are most critical to address. In contrast, Business Impact ratings may not offer a direct severity level, CVE dates do not indicate urgency, and OVAL is a language for encoding system security information, which is less useful for immediate prioritization.