Which of the following is NOT a component of the CVSS Base Score?
Think about the core factors that describe the vulnerability itself, not the environment or temporal factors.
The CVSS Base Score includes Attack Vector, User Interaction, Privileges Required, Confidentiality, Integrity, and Availability impacts. Exploit Code Maturity is part of the Temporal Score, not the Base Score.
What does an Attack Vector value of Network indicate in CVSS?
Consider how far the attacker needs to be to exploit the vulnerability.
An Attack Vector of Network means the attacker can exploit the vulnerability remotely over a network without physical or local access.
Given a vulnerability with the following CVSS Base metrics:
Attack Vector: Network
Privileges Required: None
User Interaction: None
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None
Which of the following best describes the overall impact on the system?
Review each impact metric carefully and match them to the description.
The given metrics specify a high confidentiality impact, low integrity impact, and no availability impact, matching option D.
How does the Exploit Code Maturity temporal metric affect the CVSS score over time?
Think about how the availability of exploit code changes the risk level.
Exploit Code Maturity increases the CVSS score when exploit code is widely available and reliable, indicating higher risk.
Which environmental metric in CVSS adjusts the score based on how important the affected system's Confidentiality is to an organization?
Consider which metric lets an organization express how critical confidentiality is for their environment.
Security Requirements - Confidentiality allows organizations to adjust the score based on how important confidentiality is to them, affecting the environmental score.