312-50V10 · Question #900
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to prop
The correct answer is B. Low. WARNING - The stated correct answer B (Low) appears to be INCORRECT based on the official CVSS v3.0 severity rating scale. The CVSS v3.0 qualitative severity ratings are: None = 0.0, Low = 0.1–3.9, Medium = 4.0–6.9, High = 7.0–8.9, Critical = 9.0–10.0. A base score of 4.0 sits ex
Question
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
Options
- AMedium
- BLow
- CCritical
- DHigh
How the community answered
(59 responses)- A2% (1)
- B92% (54)
- C2% (1)
- D5% (3)
Explanation
WARNING - The stated correct answer B (Low) appears to be INCORRECT based on the official CVSS v3.0 severity rating scale. The CVSS v3.0 qualitative severity ratings are: None = 0.0, Low = 0.1–3.9, Medium = 4.0–6.9, High = 7.0–8.9, Critical = 9.0–10.0. A base score of 4.0 sits exactly at the lower boundary of the MEDIUM range - not the Low range, which caps at 3.9. Therefore the correct answer should be A (Medium). This is defined by the official CVSS v3.0 specification from FIRST (Forum of Incident Response and Security Teams) and is unambiguous - any score from 4.0 to 6.9 inclusive is Medium severity. This appears to be an error in the provided answer key.
Topics
Community Discussion
No community discussion yet for this question.