Exam GICSP Topic 1 Question 10 Discussion

Actual exam question for GIAC's GICSP exam
Question #: 10
Topic #: 1
Which resource includes a standardized categorization of common software vulnerabilities?

Suggested Answer: A Vote an answer

The Common Weakness Enumeration (CWE) (A) is a comprehensive list and taxonomy of common software weaknesses and vulnerabilities. It provides standardized names and definitions that help organizations identify and mitigate software security issues.
CVSS (B) is a scoring system used to rate the severity of vulnerabilities but does not categorize them.
CSC (C) refers to Critical Security Controls, a set of best practices, not a vulnerability catalog.
CIP (D) relates to Critical Infrastructure Protection standards, not vulnerability taxonomy.
GICSP includes CWE as an essential resource for understanding and classifying software vulnerabilities within ICS.
Reference:
GICSP Official Study Guide, Domain: ICS Security Governance & Compliance MITRE CWE Website GICSP Training on Vulnerability Management

by Roxanne at Sep 04, 2025, 01:01 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10