🔥 3-day streak
CompTIA PenTest+ (PT0-003)38 / 175
Question 38 of 175

During analysis of a large scan report, a penetration tester must recommend which vulnerability to prioritize for remediation. Two findings stand out: Finding X has a CVSS base score of 9.8 but an EPSS (Exploit Prediction Scoring System) score of 0.4% and no public exploit; Finding Y has a CVSS base score of 7.5, an EPSS score of 92%, and is actively being weaponized in the wild against internet-facing hosts identical to the client's exposed web server. Which recommendation best reflects risk-based prioritization?

Reviewed for accuracy · Report an issueNext question