Question 4Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.1 point14119

What is a vulnerability?1 pointAnything that can impact the confidentiality, integrity, or availability of an assetAny circumstance or event that can negatively impact assetsAn organization’s ability to manage its defense of critical assets and data and react to changeA weakness that can be exploited by a threat

Vulnerability DescriptionThe activities that you will undertake are as follows:1. Describe and explain the vulnerability with a high level of technical detail in your ownwords. A copy of a CVE report is not acceptable, and a superficial description willattract low marks. The description must include outcomes of the vulnerability, i.e. whatit can be used for, what level of access it provides, and which systems are affected by thevulnerability.2. Describe and explain mitigation and prevention strategies that can be used to protectagainst the vulnerability. These should be specific strategies for the chosen vulnerability,and you must provide sufficient detail. For example, simply saying “there is a patch” isnot enough, but you should provide detailed information, such as a patch number or aversion number of the software that fixes the problem.3. Describe how to demo the exploit of the vulnerability. This plan should list the requiredsoftware, operating systems, code etc. that is required and provide an overview on how anexploitation demonstration will work.

85.1% completeQuestionA cybersecurity analyst uses the Common Vulnerability Scoring System (CVSS) to evaluate the severity of a vulnerability in a company's software. When using the CVSS to evaluate the severity of a software vulnerability, what specific factors should the analyst consider, and why is CVSS an important tool for IT teams to use? (Select the two best options.)A.Type of vulnerability, affected system, and potential impact; to prioritize remediation effortsB.Severity, number of systems affected, and potential impact; to allocate resources more effectivelyC.Likelihood of exploitation, potential impact, and patch availability; to provide an objective measure of riskD.Cost of fixing, number of systems affected, and potential impact; to provide a standardized method for assessing severity

To better understand the risk posed by vulnerabilities, the team will conduct a _____, which assesses potential risks that can negatively affect an organization.vulnerability scanrisk analysisPenTestPort scanning

A risk is defined as what might have happened to the ____________ of the project.a.assessmentb.scopec.detrimentd.coste.schedule