CompTIA PenTest+

I am taking the Cybrary CompTIA PenTest+ training and I am trying to complete section 4.2. None of the answers that I put in for question 3 are accepted and I don’t understand why. My own understanding and based on the material in the course, it should cvss or cvss scores. I can’t complete this section without the answer and don’t understand why this isn’t correct. The question: Risk prioritization is often based on a ____________ framework to categorize vulnerabilities according to their severity.

I am having the same problem with section 4.4. Can anyone help!!!?