🔥 3-day streak
CompTIA CySA+ (CS0-003)88 / 147
Question 88 of 147

A security analyst is triaging a vulnerability scan report containing over 400 findings across the enterprise. Management wants remediation effort focused first on vulnerabilities that pose the greatest real-world risk. Several findings have high CVSS base scores but no known public exploit, while a few findings with moderate CVSS scores appear on the CISA Known Exploited Vulnerabilities (KEV) catalog. Which approach should the analyst recommend to prioritize the initial remediation wave?

Reviewed for accuracy · Report an issueNext question