nerdexam
Cisco

210-255 · Question #40

Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?

The correct answer is C. availability. The CVSSv3 Availability impact metric reflects the degree to which a successful exploit degrades or destroys access to resources such as bandwidth, CPU, and disk.

Security Policies and Procedures

Question

Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?

Options

  • Aconfidentiality
  • Bintegrity
  • Cavailability
  • Dcomplexity

How the community answered

(23 responses)
  • C
    96% (22)
  • D
    4% (1)

Why each option

The CVSSv3 Availability impact metric reflects the degree to which a successful exploit degrades or destroys access to resources such as bandwidth, CPU, and disk.

Aconfidentiality

Confidentiality measures unauthorized disclosure of information, not resource exhaustion.

Bintegrity

Integrity measures unauthorized modification or destruction of data, not the consumption of system resources.

CavailabilityCorrect

In CVSSv3, the Availability (A) metric measures the impact on the accessibility of the affected component. Attacks that exhaust network bandwidth, processor cycles, or disk space - classic denial-of-service conditions - directly prevent legitimate users from accessing the resource, which is the definition of reduced availability. A high Availability score indicates the component becomes completely unavailable.

Dcomplexity

Attack Complexity describes the conditions or prerequisites required to exploit a vulnerability, not the impact on system resources after exploitation.

Concept tested: CVSSv3 Availability impact metric and resource exhaustion

Source: https://www.first.org/cvss/v3.1/specification-document

Topics

#CVSSv3#availability#resource consumption#CVSS metrics

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice