CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

As a penetration tester, you have uncovered several security flaws within your client's network infrastructure. In order to systematically convey the severity of each finding in your report, you must adhere to an industry-standard risk rating framework. Which of the following would best allow for a consistent and quantitative expression of vulnerability severity that can be understood by both technical and non-technical stakeholders?

  • Employing the Common Vulnerability Scoring System (CVSS) to apply a numerical and qualitative severity level to each vulnerability

  • Developing an algorithmic risk matrix that combines asset value, threat capability, and vulnerability severity tailored to the client

  • Relying on the Common Weakness Scoring System (CWSS) to measure the risk level of each weakness without factoring in environmental metrics

  • Calculating severity based on the average cost of incidents associated with similar vulnerabilities in the past year

This question is for objective:
Reporting and Communication
Your Score:
Reporting and Communication
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Tools and Code Analysis
Planning and Scoping