Which technique is best at assigning numeric ratings across multiple factors, such as potential harm, ease of recreation, challenge of exploitation, the number of users that might be impacted, and how easily a flaw might be uncovered?
A system that calculates an overall risk score by assigning numeric values for multiple dimensions of possible damage
A reference that catalogs known attacker tactics and techniques
A methodology that focuses on organizational assets, potential weaknesses, and risk tolerance
A process that places threats into categories like spoofing or repudiation
The correct option systematically scores faults across multiple metrics, leading to a more detailed risk evaluation. Other methods concentrate on defining how an attacker could compromise a target or outlining a broader risk management process, but do not focus on providing numeric values for each risk element independently.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a risk scoring system?
Open an interactive chat with Bash
How does risk scoring differ from attacker tactics and techniques references?
Open an interactive chat with Bash
What metrics are commonly included in risk scoring systems?