CompTIA Security+ (SY0-601) — Question 600

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Answer options

• A. SOAR
• B. CVSS
• C. SIEM
• D. CVE

Correct answer: B

Explanation

The correct answer, CVSS (Common Vulnerability Scoring System), provides a standardized way to evaluate the severity of vulnerabilities, helping prioritize patching efforts. SOAR, SIEM, and CVE are useful in security operations but do not specifically offer a scoring system for prioritizing vulnerabilities like CVSS does.