CompTIA Security+ (SY0-701) — Question 66

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Answer options

• A. CVE
• B. CVSS
• C. CIA
• D. CERT

Correct answer: B

Explanation

The correct answer is B, CVSS, which stands for Common Vulnerability Scoring System, as it provides a framework for rating the severity of vulnerabilities. Option A, CVE, refers to a list of publicly disclosed vulnerabilities but does not measure criticality. Option C, CIA, represents Confidentiality, Integrity, and Availability, which are information security principles, not a measurement system. Option D, CERT, is related to security incident response but does not provide a quantitative measure of vulnerability criticality.