CompTIA CySA+ (CS0-003) — Question 286

A security analyst must assist the IT department with creating a phased plan for vulnerability patching that meets established SLAs. Which of the following vulnerability management elements will best assist with prioritizing a successful plan?

Answer options

• A. Affected hosts
• B. Risk score
• C. Mitigation strategy
• D. Annual recurrence

Correct answer: B

Explanation

The correct answer is B, as the risk score quantifies the potential impact of vulnerabilities, helping prioritize which patches to apply first based on severity. Options A and C focus on specific hosts and strategies, which are important but do not directly assist in prioritization. Option D is irrelevant to immediate prioritization of vulnerabilities.