nerdexam
Cisco

210-255 · Question #159

What are the metric values for confidentiality impact in the CVSS v3.0 framework?

The correct answer is A. high, low, none. In CVSS v3.0, the Confidentiality Impact metric uses exactly three values - High, Low, and None - to rate the degree of information disclosure resulting from a vulnerability.

Security Monitoring

Question

What are the metric values for confidentiality impact in the CVSS v3.0 framework?

Options

  • Ahigh, low, none
  • Bopen, closed, obsolete
  • Chigh, low
  • Dhigh, medium, none

How the community answered

(32 responses)
  • A
    91% (29)
  • B
    6% (2)
  • D
    3% (1)

Why each option

In CVSS v3.0, the Confidentiality Impact metric uses exactly three values - High, Low, and None - to rate the degree of information disclosure resulting from a vulnerability.

Ahigh, low, noneCorrect

CVSS v3.0 defines Confidentiality Impact (C) with three discrete values: None (no confidentiality impact), Low (access to some restricted information), and High (total loss of confidentiality or all information is disclosed). These three values apply consistently across Confidentiality, Integrity, and Availability impact metrics in the CVSS v3.0 scoring system.

Bopen, closed, obsolete

Open, closed, and obsolete are not valid CVSS metric values - these terms belong to other classification systems and have no meaning in the CVSS framework.

Chigh, low

This answer omits the 'None' value, which is a valid and important metric indicating that the vulnerability has no impact on confidentiality.

Dhigh, medium, none

CVSS v3.0 does not use a 'Medium' value for Confidentiality Impact - the scale skips from Low directly to High, unlike some other scoring frameworks.

Concept tested: CVSS v3.0 Confidentiality Impact metric values

Source: https://www.first.org/cvss/v3.0/specification-document

Topics

#CVSS v3.0#confidentiality impact#vulnerability scoring#security metrics

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice