29 Nov Practice Test Question-The Common Vulnerability Scoring System
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Which metric from a CVSS 3 rating describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability?
A. AC
B. PR
C. UI
D. AV
Correct Answer: A
The Privileges Required (PR) metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. So, this is not the answer we are looking for.The Attack Complexity (AC) metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. So, this is the correct answer. The User Interaction (UI) metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. That is not what we are looking for here. The Attack Vector (AV) metric describes the context by which vulnerability exploitation is possible. So, that is not the correct answer here either.
Interested in more practice test questions?
Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
No Comments