nerdexam
ExamsPT0-003Questions#208
CompTIACompTIA

PT0-003 · Question #208

PT0-003 Question #208: Real Exam Question with Answer & Explanation

The correct answer is B: Helping to prioritize remediation based on threat context. The Common Vulnerability Scoring System (CVSS) provides a standardized way to evaluate the severity of security vulnerabilities. It includes: Base Metrics: Inherent characteristics of a vulnerability (e.g., attack vector, complexity). Temporal Metrics: Factors that change over ti

Submitted by jordan8· Mar 6, 2026Engagement Management

Question

Which of the following are valid reasons for including base, temporal, and environmental CVSS metrics in the findings section of a penetration testing report? (Select two).

Options

  • AProviding details on how to remediate vulnerabilities
  • BHelping to prioritize remediation based on threat context
  • CIncluding links to the proof-of-concept exploit itself
  • DProviding information on attack complexity and vector
  • EPrioritizing compliance information needed for an audit
  • FAdding risk levels to each asset

Explanation

The Common Vulnerability Scoring System (CVSS) provides a standardized way to evaluate the severity of security vulnerabilities. It includes: Base Metrics: Inherent characteristics of a vulnerability (e.g., attack vector, complexity). Temporal Metrics: Factors that change over time (e.g., exploit availability). Environmental Metrics: Customization based on an organization's environment.

Topics

#CVSS metrics#Vulnerability reporting#Risk prioritization#Attack vector analysis

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PT0-003 PracticeBrowse All PT0-003 Questions