
Multiple Choice

A vulnerability which exclusively results in denial-of-service, even if it is over the 4.0 score threshold, is not considered a failing vulnerability.

Explanation:
Denial-of-service issues that affect only availability do not give an attacker access to cardholder data or the ability to alter it, nor do they directly enable unauthorized control of a system. The ASV pass/fail rule is built on CVSS: a vulnerability with a base score of 4.0 or higher is a failing vulnerability, because that is the point at which a flaw is taken to threaten the confidentiality or integrity of cardholder data or the security of the systems that handle it. A vulnerability whose impact is exclusively on availability (a pure DoS) is the stated exception: it is not counted as failing even when its CVSS score is above the 4.0 threshold. The reasoning is that the risk from a DoS-only flaw is about service disruption, not data exposure or manipulation, so it is not treated the same as vulnerabilities that could compromise cardholder data. The exception changes the compliance status of the finding, not whether it is reported: it still belongs in the scan report so the scan customer can address it. Therefore, the statement is true.

One caveat a practitioner should keep in mind: the exception applies only when the impact really is exclusive to availability. A finding whose CVSS vector also carries a confidentiality or integrity impact (for example C:L alongside A:H) is not DoS-only and fails at 4.0 like any other vulnerability.

The other options don't fit: it isn't False, because the DoS-only case is not treated as failing; it isn't Not applicable to PCI, because the ASV program does classify vulnerabilities by their impact on cardholder data; and "Only with CVSS 7.0" confuses the question with a different score threshold, whereas the ASV failing threshold is 4.0 and the DoS-only exception applies regardless of how high the score is.

