nerdexam
Exams210-255Questions#26
Cisco

210-255 · Question #26

210-255 Question #26: Real Exam Question with Answer & Explanation

The correct answer is B: integrity. The CVSSv3 Integrity (I) metric measures the impact on data trustworthiness and accuracy, and increases when an attacker can modify files or data protected by the vulnerable component.

Security Policies and Procedures

Question

Which CVSSv3 metric value increases when the attacker is able to modify all files protected by the vulnerable component?

Options

  • Aconfidentiality
  • Bintegrity
  • Cavailability
  • Dcomplexity

Explanation

The CVSSv3 Integrity (I) metric measures the impact on data trustworthiness and accuracy, and increases when an attacker can modify files or data protected by the vulnerable component.

Common mistakes.

  • A. Confidentiality measures the impact of unauthorized information disclosure, not modification of data.
  • C. Availability measures the impact on access to the affected component or resource, such as service disruption or denial, not data modification.
  • D. Attack Complexity is an exploitability metric describing conditions beyond the attacker's control, not an impact metric related to what data is affected.

Concept tested. CVSSv3 impact metrics - Integrity scoring

Reference. https://www.first.org/cvss/v3.0/specification-document

Topics

#CVSSv3#integrity#vulnerability scoring#CVSS metrics

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 210-255 Practice
Which CVSSv3 metric value increases when the attacker is able to... | 210-255 Q#26 Answer | NerdExam