nerdexam
Cisco

210-255 · Question #126

What are the metric values of the confidentiality based on the CVSS framework?

The correct answer is C. High-Low-none. In CVSS v3.x, the Confidentiality Impact metric uses exactly three values: None, Low, and High.

Security Monitoring

Question

What are the metric values of the confidentiality based on the CVSS framework?

Options

  • ALow-high
  • BLow -Medium-high
  • CHigh-Low-none

How the community answered

(29 responses)
  • A
    7% (2)
  • B
    3% (1)
  • C
    90% (26)

Why each option

In CVSS v3.x, the Confidentiality Impact metric uses exactly three values: None, Low, and High.

ALow-high

This choice omits the 'None' value, which is a required metric value in the CVSS v3.x Confidentiality Impact scoring.

BLow -Medium-high

'Medium' is not a valid Confidentiality Impact value in CVSS v3.x; that scale applies only to the overall CVSS score range, not to individual base metrics.

CHigh-Low-noneCorrect

The CVSS v3.1 specification defines Confidentiality Impact (C) with three discrete values: None (N), Low (L), and High (H). 'None' means no confidentiality loss, 'Low' means limited disclosure of restricted information, and 'High' means total loss of confidentiality. Choice C lists all three correct values even though the order is unconventional.

Concept tested: CVSS v3 Confidentiality Impact metric values

Source: https://www.first.org/cvss/v3.1/specification-document

Topics

#CVSS#confidentiality metric#metric values#vulnerability scoring

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice