A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?
Leadership teams like more "snapshot" explanations than long technical explanations. The Common Vulnerability Scoring System (CVSS) provides an externally validated and informative "snapshot" of what an organization is up against, rather than just a grunt IT worker's "opinion" (however valid it may be) that something is a big deal.
Also, in my experience the CVSS scores are usually shown in colors. Colors help with C-suite personnel. (Speaking from experience.)
CVSS is a widely recognized and standardized framework for assessing and communicating the severity of vulnerabilities. It provides a numeric score and severity rating for vulnerabilities based on various factors such as impact, exploitability, and complexity. The CVSS score helps to prioritize vulnerabilities and determine the appropriate response and mitigation actions.
By utilizing CVSS, the security analyst can provide a clear and standardized way to communicate the severity levels of vulnerabilities to the leadership team. The CVSS score and rating provide a common language to convey the potential risks and impact associated with each vulnerability, allowing the leadership team to make informed decisions regarding the organization's security posture and resource allocation.
The Common Vulnerability Scoring System is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
Could use a Common Vulnerability Scoring System (CVSS) to communicate the severity levels of the organization's vulnerabilities to the leadership team.
Differences between CVSS and CVE
CVSS is the overall score assigned to a vulnerability. CVE is simply a list of all publicly disclosed vulnerabilities that includes the CVE ID, a description, dates, and comments. The CVSS score is not reported in the CVE listing.