nerdexam
(ISC)2

CISSP · Question #584

Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

The correct answer is C. Asset values for networks. Vulnerability scanners allow administrators to assign asset values to networks and systems, enabling prioritization of remediation based on the relative importance of affected assets.

Submitted by suresh_in· Mar 5, 2026Security Assessment and Testing

Question

Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

Options

  • ADefinitions for each exposure type
  • BVulnerability attack vectors
  • CAsset values for networks
  • DExploit code metrics

How the community answered

(23 responses)
  • C
    96% (22)
  • D
    4% (1)

Why each option

Vulnerability scanners allow administrators to assign asset values to networks and systems, enabling prioritization of remediation based on the relative importance of affected assets.

ADefinitions for each exposure type

Definitions for each exposure type are predefined by the scanner's vulnerability database (e.g., CVE/NVD entries) and are not something an administrator assigns to prioritize remediation.

BVulnerability attack vectors

Vulnerability attack vectors are standardized attributes defined within the CVSS scoring system by the vulnerability's publisher, not configurable values assigned by a scanner administrator.

CAsset values for networksCorrect

Assigning asset values to networks allows administrators to weigh the criticality of each asset when reviewing scan results, so that vulnerabilities on high-value systems (e.g., servers holding sensitive data) are remediated before those on low-value assets. This business-context weighting is a built-in feature of enterprise vulnerability management platforms like Tenable Nessus and Qualys, where asset criticality scores directly influence prioritized remediation workflows.

DExploit code metrics

Exploit code metrics are part of the CVSS Temporal score and reflect publicly available exploit availability, which is sourced externally and not an administrator-assigned value within the scanner.

Concept tested: Asset value assignment for vulnerability remediation prioritization

Source: https://docs.tenable.com/nessus/Content/AssetCriticalityRating.htm

Topics

#Vulnerability management#Vulnerability scanning#Risk prioritization#Asset valuation

Community Discussion

No community discussion yet for this question.

Full CISSP Practice