CompTIA Security+ (SY0-701) — Question 522

Which of the following is a use of CVSS?

Answer options

• A. To determine the cost associated with patching systems
• B. To identify unused ports and services that should be closed
• C. To analyze code for defects that could be exploited
• D. To prioritize the remediation of vulnerabilities

Correct answer: D

Explanation

The correct answer, D, is accurate because CVSS is designed to help prioritize the remediation of vulnerabilities based on their severity. Options A, B, and C are incorrect as they do not reflect the primary function of CVSS, which focuses on vulnerability scoring rather than cost assessment, unused services identification, or code analysis.