CISSP Question #1255: Real Exam Question with Answer & Explanation
The correct answer is D: Common Vulnerability Scoring System (CVSS).
Question
Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?
Options
- A. Center for Internet Security (CIS)
- B. Common Vulnerabilities and Exposures (CVE)
- C. Open Web Application Security Project (OWASP)
- D. Common Vulnerability Scoring System (CVSS)
Explanation
The framework that provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD) is the Common Vulnerability Scoring System (CVSS). CVSS provides a standardized and consistent way to measure and communicate the severity and impact of vulnerabilities or weaknesses that may affect the security or functionality of systems or components. Its metrics and characteristics, such as the base score, the temporal score, and the environmental score, are based on attributes of the vulnerability, such as exploitability, scope, impact, remediation, or confidence.

The NVD is a repository that collects and maintains information about publicly known or reported vulnerabilities or weaknesses, which are identified by Common Vulnerabilities and Exposures (CVE) identifiers. CVSS supports the NVD because it can:

- Provide a common and uniform language for describing and defining the vulnerabilities or weaknesses included in the NVD, and facilitate understanding and comparison of them among users and stakeholders.
- Provide a quantitative and qualitative assessment of the vulnerabilities or weaknesses included in the NVD, and indicate the level of risk or threat they pose to systems or components.
- Provide a dynamic and flexible measurement of the vulnerabilities or weaknesses included in the NVD, and reflect changes or updates to them over time or across different environments or scenarios.