CompTIA SecurityX (CAS-005) — Question 238
A security administrator needs to develop a remediation plan to address a large number of vulnerability scan results. Which of the following should the administrator use to determine the vulnerabilities that should be addressed first?
Answer options
- A. CPE
- B. CCE
- C. CVSS
- D. CVE
Correct answer: C
Explanation
The correct answer is CVSS (Common Vulnerability Scoring System). It provides a standardized way to evaluate the severity of vulnerabilities, which allows the administrator to prioritize them effectively. CPE (Common Platform Enumeration) and CCE (Common Configuration Enumeration) are identifiers for software and configurations, respectively, and do not assist in prioritizing vulnerabilities. CVE (Common Vulnerabilities and Exposures) provides a list of vulnerabilities but lacks a scoring mechanism to prioritize them.