Cisco
210-255 · Question #122
210-255 Question #122: Real Exam Question with Answer & Explanation
The correct answer is C ("confidentiality of the information resources managed by a software component due to a"). In CVSS v3.0, confidentiality impact is defined in terms of the information resources managed by a software component that are affected by a successfully exploited vulnerability.
Security Monitoring
Question
How is confidentiality defined in the CVSS v3.0 framework?
Options
- A. confidentiality of the information resource managed by person due to an unsuccessfully exploited
- B. confidentiality of the information resource managed by a person due to a successfully
- C. confidentiality of the information resources managed by a software component due to a
- D. confidentiality of the information resource managed by a software component due to an
Explanation
In CVSS v3.0, confidentiality impact is defined in terms of the information resources managed by a software component that are affected by a successfully exploited vulnerability.
Common mistakes.
- A. This choice incorrectly references a person instead of a software component and describes an unsuccessful exploit, whereas CVSS measures impact from successful exploitation.
- B. This choice incorrectly attributes the confidentiality impact to a person rather than a software component, which is not consistent with CVSS v3.0 terminology.
- D. This choice correctly references a software component but incorrectly describes an unsuccessful exploit, whereas CVSS v3.0 confidentiality impact is defined in terms of successful exploitation.
Concept tested. CVSS v3.0 confidentiality impact metric definition
Reference. https://www.first.org/cvss/v3.0/specification-document
Topics
#CVSS v3.0 #confidentiality metric #vulnerability scoring #software components