CompTIA Security+ (SY0-601) — Question 234

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?

Answer options

• A. CVE
• B. SIEM
• C. SOAR
• D. CVSS

Correct answer: D

Explanation

CVSS (Common Vulnerability Scoring System) provides a standardized way to assess and communicate the severity of vulnerabilities, making it ideal for informing leadership. CVE (Common Vulnerabilities and Exposures) is a list of vulnerabilities but does not indicate severity. SIEM (Security Information and Event Management) focuses on security event data analysis rather than vulnerability severity. SOAR (Security Orchestration, Automation, and Response) is used for automating responses and managing security processes, not specifically for communicating vulnerability severity.