nerdexam
Exams210-255Questions#126
Cisco

210-255 · Question #126

210-255 Question #126: Real Exam Question with Answer & Explanation

The correct answer is C: High-Low-none. In CVSS v3.x, the Confidentiality Impact metric uses exactly three values: None, Low, and High.

Security Monitoring

Question

What are the metric values of the confidentiality based on the CVSS framework?

Options

  • ALow-high
  • BLow -Medium-high
  • CHigh-Low-none

Explanation

In CVSS v3.x, the Confidentiality Impact metric uses exactly three values: None, Low, and High.

Common mistakes.

  • A. This choice omits the 'None' value, which is a required metric value in the CVSS v3.x Confidentiality Impact scoring.
  • B. 'Medium' is not a valid Confidentiality Impact value in CVSS v3.x; that scale applies only to the overall CVSS score range, not to individual base metrics.

Concept tested. CVSS v3 Confidentiality Impact metric values

Reference. https://www.first.org/cvss/v3.1/specification-document

Topics

#CVSS#confidentiality metric#metric values#vulnerability scoring

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 210-255 Practice