210-255 · Question #40
Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?
The correct answer is C. availability. The CVSSv3 Availability impact metric reflects the degree to which a successful exploit degrades or destroys access to resources such as bandwidth, CPU, and disk.
Question
Which CVSSv3 metric value increases when attacks consume network bandwidth, processor cycles, or disk space?
Options
- Aconfidentiality
- Bintegrity
- Cavailability
- Dcomplexity
How the community answered
(23 responses)- C96% (22)
- D4% (1)
Why each option
The CVSSv3 Availability impact metric reflects the degree to which a successful exploit degrades or destroys access to resources such as bandwidth, CPU, and disk.
Confidentiality measures unauthorized disclosure of information, not resource exhaustion.
Integrity measures unauthorized modification or destruction of data, not the consumption of system resources.
In CVSSv3, the Availability (A) metric measures the impact on the accessibility of the affected component. Attacks that exhaust network bandwidth, processor cycles, or disk space - classic denial-of-service conditions - directly prevent legitimate users from accessing the resource, which is the definition of reduced availability. A high Availability score indicates the component becomes completely unavailable.
Attack Complexity describes the conditions or prerequisites required to exploit a vulnerability, not the impact on system resources after exploitation.
Concept tested: CVSSv3 Availability impact metric and resource exhaustion
Source: https://www.first.org/cvss/v3.1/specification-document
Topics
Community Discussion
No community discussion yet for this question.