CompTIA CySA+ (CS0-002) — Question 322

Which of the following SCAP standards provides standardization for measuring and describing the severity of security-related software flaws?

Answer options

Correct answer: B

Explanation

The correct answer is B, CVSS, which is specifically designed to provide a standardized method for evaluating the severity of security vulnerabilities. OVAL (A) focuses on defining and assessing the state of systems, CVE (C) provides a list of known vulnerabilities, and CCE (D) relates to configuration issues, not severity measurement.