Exam GICSP Topic 1 Question 10 Discussion
Actual exam question for GIAC's GICSP exam
Question #: 10
Topic #: 1
Question #: 10
Topic #: 1
Which resource includes a standardized categorization of common software vulnerabilities?
Suggested Answer: A Vote an answer
The Common Weakness Enumeration (CWE) (A) is a comprehensive list and taxonomy of common software weaknesses and vulnerabilities. It provides standardized names and definitions that help organizations identify and mitigate software security issues.
CVSS (B) is a scoring system used to rate the severity of vulnerabilities but does not categorize them.
CSC (C) refers to Critical Security Controls, a set of best practices, not a vulnerability catalog.
CIP (D) relates to Critical Infrastructure Protection standards, not vulnerability taxonomy.
GICSP includes CWE as an essential resource for understanding and classifying software vulnerabilities within ICS.
Reference:
GICSP Official Study Guide, Domain: ICS Security Governance & Compliance MITRE CWE Website GICSP Training on Vulnerability Management
CVSS (B) is a scoring system used to rate the severity of vulnerabilities but does not categorize them.
CSC (C) refers to Critical Security Controls, a set of best practices, not a vulnerability catalog.
CIP (D) relates to Critical Infrastructure Protection standards, not vulnerability taxonomy.
GICSP includes CWE as an essential resource for understanding and classifying software vulnerabilities within ICS.
Reference:
GICSP Official Study Guide, Domain: ICS Security Governance & Compliance MITRE CWE Website GICSP Training on Vulnerability Management
by Roxanne at Sep 04, 2025, 01:01 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).