nerdexam
Exams210-255Questions#2
Cisco

210-255 · Question #2

210-255 Question #2: Real Exam Question with Answer & Explanation

The correct answer is B: physical. The CVSSv3 Physical attack vector is the only metric value requiring an attacker to physically touch or manipulate the vulnerable component to exploit it.

Question

Which CVSSv3 Attack Vector metric value requires the attacker to physically touch or manipulate the vulnerable component?

Options

  • Alocal
  • Bphysical
  • Cnetwork
  • Dadjacent

Explanation

The CVSSv3 Physical attack vector is the only metric value requiring an attacker to physically touch or manipulate the vulnerable component to exploit it.

Common mistakes.

  • A. The Local attack vector requires the attacker to have a local account or command-line access but does not require physically touching or manipulating the hardware component itself.
  • C. The Network attack vector means the component is exploitable from any remote network location with no physical proximity or local access required.
  • D. The Adjacent attack vector requires the attacker to share the same network segment or broadcast domain as the target but does not require physical contact with the device.

Concept tested. CVSSv3 Physical Attack Vector metric definition

Reference. https://www.first.org/cvss/v3.0/specification-document

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 210-255 Practice