Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam SY0-601 Topic 2 Question 74 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 74
Topic #: 2
[All SY0-601 Questions]

Which of the following is best to use when determining the severity of a vulnerability?

Show Suggested Answer Hide Answer
Suggested Answer: D

CVSS, or Common Vulnerability Scoring System, is a standard method for assessing the severity of software vulnerabilities based on various metrics and factors. CVE, or Common Vulnerabilities and Exposures, is a list of publicly disclosed vulnerabilities, but does not provide a severity score. OSINT, or Open Source Intelligence, is the collection and analysis of publicly available information, which may or may not be relevant to a specific vulnerability. SOAR, or Security Orchestration, Automation and Response, is a set of tools and processes that automate and streamline security operations and incident response.


Contribute your Thoughts:

Shakira
8 months ago
Hmm, CVSS is the obvious choice here, but I'm kinda curious about this SOAR thing. Sounds like some fancy-pants AI system that can do all the work for us. Imagine just letting a robot handle the vulnerability assessment - now that's what I call efficiency!
upvoted 0 times
Celestina
7 months ago
Yeah, CVSS is widely used for prioritizing vulnerabilities based on severity.
upvoted 0 times
...
Devora
7 months ago
D) CVSS
upvoted 0 times
...
Adelina
7 months ago
CVE stands for Common Vulnerabilities and Exposures, it's important for tracking vulnerabilities.
upvoted 0 times
...
Isaiah
8 months ago
A) CVE
upvoted 0 times
...
Lauran
8 months ago
SOAR stands for Security Orchestration, Automation, and Response. It helps streamline security operations.
upvoted 0 times
...
Corinne
8 months ago
C) SOAR
upvoted 0 times
...
Derick
8 months ago
I agree, CVSS is the standard for measuring vulnerability severity.
upvoted 0 times
...
Adelina
8 months ago
D) CVSS
upvoted 0 times
...
...
Elinore
8 months ago
You guys are overthinking this. Just use CVSS, it's the gold standard. Although, if you really wanna impress the examiners, throw in a few OSINT references to show off your research skills. That'll really make you stand out!
upvoted 0 times
...
Tamera
8 months ago
I don't know, CVSS can be a bit tricky to interpret sometimes. CVE might be a better option - it's a standardized identifier that can give us a quick overview of the vulnerability. Plus, it's widely used, so that's gotta count for something, right?
upvoted 0 times
...
Susy
8 months ago
Ah, the classic vulnerability severity question! I'd say CVSS is the way to go. It's the industry standard for assessing the impact and exploitability of vulnerabilities. Much more reliable than using some random OSINT data or hoping the SOAR system can figure it out.
upvoted 0 times
...

Save Cancel