Vulnerability Scoring — CompTIA PenTest+ (PT0-002) Practice Questions
Vulnerability scoring is the broader practice of evaluating and ranking discovered vulnerabilities so that remediation efforts can be directed at the highest-risk issues first. On the PT0-002 exam, this concept extends beyond CVSS to include the tester's judgment about exploitability in the specific target environment, the business value of affected assets, and whether a working exploit is publicly available. A vulnerability with a high CVSS score may pose less practical risk in a given environment if it requires local access or is already mitigated by compensating controls. The exam tests candidates on how to weigh these factors when writing findings, calculating risk, and making prioritized recommendations in a penetration test report.
Free questions on vulnerability scoring
What does CVSS stand for?
More vulnerability scoring questions in the full bank
- What does the CVSS score measure?
- What is the CVSS (Common Vulnerability Scoring System) used for?
- During an assessment, you identify that a critical vulnerability has a CVSS score of 9.8. What does this score indicate?