comptia · CS0-001 · Q428 · multiple_choice · topic_1

An organization uses Common Vulnerability Scoring System (CVSS) scores to prioritize remediation of vulnerabilities. Management wants to modify the priorities based on a difficulty factor so that vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement with less risk to system functionality. Management also wants to quantify the priority. Which of the following would achieve management's objective?
  • A. (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 0.1 to 1.0 with 1.0 being easiest and lowest risk to implement
  • B. (CVSS Score) * Difficulty = Priority, where Difficulty is a range from 1 to 5 with 1 being easiest and lowest risk to implement
  • C. (CVSS Score) / Difficulty = Priority, where Difficulty is a range from 1 to 10 with 10 being easiest and lowest risk to implement
  • D. ((CVSS Score) * 2) / Difficulty = Priority, where CVSS Score is weighted and Difficulty is a range from 1 to 5 with 5 being easiest and lowest risk to implement
Explanation
I don't think this one is correct. The question is "... vulnerabilities with lower CVSS scores may get a higher priority if they are easier to implement ...". Let's assume the CVSS Score is 7 for a minute:
  • A. Hard: 7 * 0.1 = 0.7; Easy: 7 * 1 = 7
  • B. Hard: 7 * 5 = 35; Easy: 7 * 1 = 7
  • C. Hard: 7 / 1 = 7; Easy: 7 / 10 = 0.7
  • D. Hard: (7 * 2) / 1 = 14; Easy: (7 * 2) / 5 = 2.8
So, A is the only correct answer imho. Can anyone else confirm?

Reference: examtopics_top_comment
