312-50V12 Question #192: Real Exam Question with Answer & Explanation

Question

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

Options

• ATemporal metric represents the inherent qualities of a vulnerability.
• BBase metric represents the inherent qualities of a vulnerability.
• CTemporal metric involves measuring vulnerabilities based on a specific environment or
• DEnvironmental metric involves the features that change during the lifetime of the vulnerability.

Explanation

The question assesses understanding of the Common Vulnerability Scoring System (CVSS) and its metric types. It specifically asks to identify the most accurate statement regarding how CVSS measures vulnerability characteristics.

Common mistakes.

• A. Temporal metrics measure how a vulnerability's characteristics change over time due to factors like exploit code availability or the release of patches, rather than representing its inherent qualities.
• C. Environmental metrics, not Temporal metrics, are used to adjust vulnerability scores based on the specific organizational context, security controls, and asset importance within a particular environment.
• D. This statement describes the function of Temporal metrics, which account for changes in vulnerability features over its lifetime, making it incorrect for Environmental metrics.

Concept tested. CVSS Metric Types and Definitions

Reference. https://www.first.org/cvss/v3.1/specification-document

No community discussion yet for this question.