🔥 3-day streak
CompTIA CySA+ (CS0-003)97 / 147
Question 97 of 147
A security analyst prepares a quarterly vulnerability report for the risk committee. For a critical flaw on an internet-facing application, the team deployed a web application firewall (WAF) rule to block exploitation but has not yet patched the underlying code. The committee chair asks the analyst to clearly represent the level of risk that remains after this control is applied. Which metric should the analyst report to answer the chair's question?
Reviewed for accuracy · Report an issueNext question