CompTIA Security+ (SY0-601) — Question 40

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

Answer options

• A. CVSS
• B. SIEM
• C. SOAR
• D. CVE

Correct answer: A

Explanation

CVSS (Common Vulnerability Scoring System) provides a numerical score that reflects the severity of vulnerabilities, allowing organizations to prioritize which vulnerabilities to address first. SIEM (Security Information and Event Management) is used for real-time analysis of security alerts, SOAR (Security Orchestration, Automation and Response) automates security operations, and CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cybersecurity vulnerabilities but does not provide a scoring mechanism.