CISSP Practice Domain 6 — Security Assessment and Testing Q100 of 120

What is a common pitfall when interpreting vulnerability scan results without context?

A CISSP practice question covering Domain 6: Security Assessment and Testing. Try answering before reading the explanation below.

A. Treating CVSS score alone as the priority — ignoring exposure, asset value, and compensating controls
✓ Correct answer
B. Using too many scanners
C. Scanning during business hours
D. Generating a written report
Why "Treating CVSS score alone as the priority — ignoring exposure, asset value, and compensating controls" is the right answer

CVSS is a starting point, not a priority. Real risk requires context: is the asset exposed, what data does it hold, and what compensating controls already exist? Many programs therefore use a risk score that combines the CVSS base score with environmental factors.
