210-255 · Question #126
What are the metric values of the confidentiality based on the CVSS framework?
The correct answer is C. High-Low-none. In CVSS v3.x, the Confidentiality Impact metric uses exactly three values: None, Low, and High.
Question
What are the metric values of the confidentiality based on the CVSS framework?
Options
- ALow-high
- BLow -Medium-high
- CHigh-Low-none
How the community answered
(29 responses)- A7% (2)
- B3% (1)
- C90% (26)
Why each option
In CVSS v3.x, the Confidentiality Impact metric uses exactly three values: None, Low, and High.
This choice omits the 'None' value, which is a required metric value in the CVSS v3.x Confidentiality Impact scoring.
'Medium' is not a valid Confidentiality Impact value in CVSS v3.x; that scale applies only to the overall CVSS score range, not to individual base metrics.
The CVSS v3.1 specification defines Confidentiality Impact (C) with three discrete values: None (N), Low (L), and High (H). 'None' means no confidentiality loss, 'Low' means limited disclosure of restricted information, and 'High' means total loss of confidentiality. Choice C lists all three correct values even though the order is unconventional.
Concept tested: CVSS v3 Confidentiality Impact metric values
Source: https://www.first.org/cvss/v3.1/specification-document
Topics
Community Discussion
No community discussion yet for this question.