A security team configures its SIEM to assign a priority to every alert based only on the CVSS base score of the associated vulnerability. Which of the following weaknesses is MOST likely to result from this approach?
The SIEM will rapidly exhaust its log-storage capacity because CVSS scoring increases the volume of stored events.
High-CVSS alerts on non-critical systems could be prioritized over incidents on mission-critical assets, causing analysts to overlook the greatest business risk.
No weakness exists; the CVSS base score already incorporates asset importance and likelihood, making additional factors unnecessary.
Using CVSS scores prevents the SIEM from correlating events that originate from multiple log sources.
CVSS base scores describe the inherent technical severity of a vulnerability, but they do not factor in business context such as asset value, data sensitivity, or threat likelihood. As a result, an alert involving a high-CVSS vulnerability on a low-value system could be ranked ahead of a lower-CVSS issue on a mission-critical database. Using CVSS alone therefore risks misallocating analyst effort and overlooking the alerts that pose the greatest real-world risk. The other options are incorrect because the CVSS base score does not incorporate asset criticality (so it is not sufficient on its own), does not affect log-storage volume, and does not prevent event correlation.