nerdexam
Exams200-201Questions#30
CiscoCisco

200-201 · Question #30

200-201 Question #30: Real Exam Question with Answer & Explanation

The correct answer is C: National Institute of Standards and Technology (NIST). The National Institute of Standards and Technology (NIST) provides detailed information about vulnerabilities through its National Vulnerability Database (NVD).

Submitted by akirajp· Mar 6, 2026Security Policies and Procedures

Question

When you are researching a Windows operating system vulnerability (such as CVE-2016-7211), which organization can provide detailed information about the specific vulnerability?

Options

  • AInstitute of Electrical and Electronics Engineers (IEEE)
  • BControl Objectives for Information and Related Technologies (COBIT)
  • CNational Institute of Standards and Technology (NIST)
  • DInternational Organization for Standardization (ISO)

Explanation

The National Institute of Standards and Technology (NIST) provides detailed information about vulnerabilities through its National Vulnerability Database (NVD).

Common mistakes.

  • A. IEEE is known for setting standards for electrical and electronic engineering, not for maintaining a vulnerability database.
  • B. COBIT is a framework for IT governance and management, not a repository for specific vulnerability information.
  • D. ISO is an international standard-setting body that publishes various standards, but it does not maintain a database of specific software vulnerabilities.

Concept tested. Vulnerability Information Sources (NVD/CVE)

Reference. https://nvd.nist.gov/

Topics

#vulnerability research#NIST#CVE

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 200-201 PracticeBrowse All 200-201 Questions