Valid CAS-005 Dumps shared by EduDump.com for Helping Passing CAS-005 Exam! EduDump.com now offer the newest CAS-005 exam dumps, the EduDump.com CAS-005 exam questions have been updated and answers have been corrected get the newest EduDump.com CAS-005 dumps with Test Engine here:
Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?
Correct Answer: C
CVSS's Environmental metrics let you tune the Base scores to your own environment by adjusting the Security Requirements (CR, IR, AR) for Confidentiality, Integrity, and Availability. By mapping those impact weights to your system classification (for example, marking Integrity as "High" for systems that can't tolerate data corruption), you get a recalculated environmental score that more accurately reflects real-world risk, while still sticking to the organization's policy of only remediating high/critical CVSS scores.