CompTIA Security+ (SY0-701) — Question 292

Which of the following is best to use when determining the severity of a vulnerability?

Answer options

• A. CVE
• B. OSINT
• C. SOAR
• D. CVSS

Correct answer: D

Explanation

The correct answer is D, CVSS, as it provides a standardized way to gauge the severity of vulnerabilities through a scoring system. Options A (CVE) is merely a database of vulnerabilities, B (OSINT) refers to open-source intelligence which may not directly assess severity, and C (SOAR) is related to automation in security operations but does not specifically measure vulnerability severity.