CISSP · Question #584
Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
The correct answer is C. Asset values for networks. Vulnerability scanners allow administrators to assign asset values to networks and systems, enabling prioritization of remediation based on the relative importance of affected assets.
Question
Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
Options
- ADefinitions for each exposure type
- BVulnerability attack vectors
- CAsset values for networks
- DExploit code metrics
How the community answered
(23 responses)- C96% (22)
- D4% (1)
Why each option
Vulnerability scanners allow administrators to assign asset values to networks and systems, enabling prioritization of remediation based on the relative importance of affected assets.
Definitions for each exposure type are predefined by the scanner's vulnerability database (e.g., CVE/NVD entries) and are not something an administrator assigns to prioritize remediation.
Vulnerability attack vectors are standardized attributes defined within the CVSS scoring system by the vulnerability's publisher, not configurable values assigned by a scanner administrator.
Assigning asset values to networks allows administrators to weigh the criticality of each asset when reviewing scan results, so that vulnerabilities on high-value systems (e.g., servers holding sensitive data) are remediated before those on low-value assets. This business-context weighting is a built-in feature of enterprise vulnerability management platforms like Tenable Nessus and Qualys, where asset criticality scores directly influence prioritized remediation workflows.
Exploit code metrics are part of the CVSS Temporal score and reflect publicly available exploit availability, which is sourced externally and not an administrator-assigned value within the scanner.
Concept tested: Asset value assignment for vulnerability remediation prioritization
Source: https://docs.tenable.com/nessus/Content/AssetCriticalityRating.htm
Topics
Community Discussion
No community discussion yet for this question.