CompTIA Security+ (SY0-701) — Question 309

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Answer options

• A. Exposure factor
• B. CVSS
• C. CVE
• D. Industry impact

Correct answer: B

Explanation

The correct answer is B, CVSS, as it provides a standardized method for assessing the severity of vulnerabilities, allowing organizations to prioritize effectively. Other options, like Exposure factor and CVE, do not provide a comprehensive risk assessment, while Industry impact is too broad and may not reflect the specific vulnerabilities faced by the organization.