ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 312 discussion

Actual exam question from CompTIA's CS0-002
Question #: 312
Topic #: 1
[All CS0-002 Questions]

A security manager has asked an analyst to provide feedback on the results of a penetration test. After reviewing the results, the manager requests information regarding the possible exploitation of vulnerabilities. Which of the following information data points would be MOST useful for the analyst to provide to the security manager, who would then communicate the risk factors to the senior management team? (Choose two.)

  • A. Probability
  • B. Adversary capability
  • C. Attack vector
  • D. Impact
  • E. Classification
  • F. Indicators of compromise
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by gnnggnnggnng at Feb. 4, 2023, 2:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gnnggnnggnng
Highly Voted 2 years, 2 months ago
Selected Answer: AD
It is important to provide the probability and impact data points because they help communicate the risk of exploitation of the vulnerabilities to the senior management team. Probability indicates the likelihood of the vulnerability being exploited, while impact indicates the potential harm that could result from an exploitation of the vulnerability. This information allows the senior management team to understand the urgency and priority of addressing the vulnerabilities and make informed decisions about allocating resources for remediation efforts.
upvoted 6 times
...
DawiidB
Most Recent 1 year, 11 months ago
In terms of the information data points that would be most useful for the analyst to provide to the security manager, I believe that the impact and the attack vector would be the top two. The impact would help the security manager understand the potential damage that could be caused if the vulnerability is exploited, while the attack vector would help them understand how an attacker could exploit the vulnerability.
upvoted 1 times
DawiidB
1 year, 11 months ago
I'm new on this forum and I recently came across this post regarding the penetration test feedback. As someone who is preparing for the [comptia network+](https://trainocate.com.my/courses/ct-network-comptia-network/) certification, I thought I'd chime in with my two cents.
upvoted 1 times
...
...
yanyan20
1 year, 12 months ago
Selected Answer: AD
AD are the only things SLT will care about
upvoted 1 times
...
josephconer1
2 years ago
Selected Answer: AD
Risk evaluation in cybersecurity is built around both of those pieces combined: PROBABILITY of it happening + IMPACT of potential compromise = RISK LEVEL.
upvoted 1 times
...
2Fish
2 years, 1 month ago
Selected Answer: AD
AD, senior management is not gonna give a shyte about all that other technical stuff. They want the meat and taters.
upvoted 2 times
...
CatoFong
2 years, 2 months ago
Selected Answer: AD
AD is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago