Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam SY0-601 Topic 2 Question 74 Discussion

Actual exam question for CompTIA's SY0-601 exam
Question #: 74
Topic #: 2
[All SY0-601 Questions]

Which of the following is best to use when determining the severity of a vulnerability?

Show Suggested Answer Hide Answer
Suggested Answer: D

CVSS, or Common Vulnerability Scoring System, is a standard method for assessing the severity of software vulnerabilities based on various metrics and factors. CVE, or Common Vulnerabilities and Exposures, is a list of publicly disclosed vulnerabilities, but does not provide a severity score. OSINT, or Open Source Intelligence, is the collection and analysis of publicly available information, which may or may not be relevant to a specific vulnerability. SOAR, or Security Orchestration, Automation and Response, is a set of tools and processes that automate and streamline security operations and incident response.


by Alex at Jan 22, 2024, 07:12 PM

Limited Time Offer

25%

Off

Get Premium SY0-601 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Shakira
12 days ago
Hmm, CVSS is the obvious choice here, but I'm kinda curious about this SOAR thing. Sounds like some fancy-pants AI system that can do all the work for us. Imagine just letting a robot handle the vulnerability assessment - now that's what I call efficiency!
upvoted 0 times
Adelina
9 hours ago
D) CVSS
upvoted 0 times
...
...
Elinore
13 days ago
You guys are overthinking this. Just use CVSS, it's the gold standard. Although, if you really wanna impress the examiners, throw in a few OSINT references to show off your research skills. That'll really make you stand out!
upvoted 0 times
...
Tamera
15 days ago
I don't know, CVSS can be a bit tricky to interpret sometimes. CVE might be a better option - it's a standardized identifier that can give us a quick overview of the vulnerability. Plus, it's widely used, so that's gotta count for something, right?
upvoted 0 times
...
Susy
15 days ago
Ah, the classic vulnerability severity question! I'd say CVSS is the way to go. It's the industry standard for assessing the impact and exploitability of vulnerabilities. Much more reliable than using some random OSINT data or hoping the SOAR system can figure it out.
upvoted 0 times
...

Save Cancel