🔥 3-day streak
CompTIA CySA+ (CS0-003)86 / 147
Question 86 of 147

A security analyst has been asked to present the results of the quarterly vulnerability management program to the company's board of directors. The analyst's draft slide deck currently includes detailed CVE identifiers, individual CVSS vector strings, per-host scan output, and a list of specific patch KB numbers. The board's primary concern is understanding whether the organization's risk exposure is improving over time and whether the security budget is being spent effectively. What is the MOST appropriate change the analyst should make to the report before presenting to this audience?

Reviewed for accuracy · Report an issueNext question