CompTIA Security+ (SY0-601) — Question 614
Which of the following is best to use when determining the severity of a vulnerability?
Answer options
- A. CVE
- B. OSINT
- C. SOAR
- D. CVSS
Correct answer: D
Explanation
CVSS (Common Vulnerability Scoring System) provides a standardized way to evaluate the severity of vulnerabilities, making it the best choice. CVE (Common Vulnerabilities and Exposures) is a list of vulnerabilities but does not assess severity. OSINT (Open Source Intelligence) involves gathering information but does not specifically measure vulnerability severity. SOAR (Security Orchestration, Automation, and Response) focuses on automating security operations rather than assessing vulnerability severity.