Cisco
210-255 · Question #159
210-255 Question #159: Real Exam Question with Answer & Explanation
The correct answer is A: high, low, none. In CVSS v3.0, the Confidentiality Impact metric uses exactly three values - High, Low, and None - to rate the degree of information disclosure resulting from a vulnerability.
Question
What are the metric values for confidentiality impact in the CVSS v3.0 framework?
Options
- A. high, low, none
- B. open, closed, obsolete
- C. high, low
- D. high, medium, none
Explanation
In CVSS v3.0, the Confidentiality Impact metric uses exactly three values - High, Low, and None - to rate the degree of information disclosure resulting from a vulnerability.
Common mistakes.
- B. Open, closed, and obsolete are not valid CVSS metric values - these terms belong to other classification systems and have no meaning in the CVSS framework.
- C. This answer omits the 'None' value, which is a valid and important metric indicating that the vulnerability has no impact on confidentiality.
- D. CVSS v3.0 does not use a 'Medium' value for Confidentiality Impact - the scale skips from Low directly to High, unlike some other scoring frameworks.
Concept tested. CVSS v3.0 Confidentiality Impact metric values
Reference. https://www.first.org/cvss/v3.0/specification-document