Which two sections comprise the Base Metric in the CVSS scoring system?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

Which two sections comprise the Base Metric in the CVSS scoring system?

Explanation:
The Base Metric in CVSS is defined by two main factors that establish the baseline severity: Exploitability and Impact. Exploitability covers how easily a vulnerability can be exploited, taking into account elements like how the attacker can access the system (the attack vector), the required sophistication or effort (attack complexity), whether privileges are needed, and whether user interaction is required. Impact measures the consequences if exploitation occurs, looking at how confidentiality, integrity, and availability would be affected. So the two sections that make up the Base Metric are Exploitability and Impact. The other options mix individual components or refer to terms that aren’t themselves the two base sections. For example, Access Vector is a part of Exploitability, while Integrity and Availability are parts of Impact, and Remediation relates to something outside the Base Metric.

The Base Metric in CVSS is defined by two main factors that establish the baseline severity: Exploitability and Impact. Exploitability covers how easily a vulnerability can be exploited, taking into account elements like how the attacker can access the system (the attack vector), the required sophistication or effort (attack complexity), whether privileges are needed, and whether user interaction is required. Impact measures the consequences if exploitation occurs, looking at how confidentiality, integrity, and availability would be affected. So the two sections that make up the Base Metric are Exploitability and Impact.

The other options mix individual components or refer to terms that aren’t themselves the two base sections. For example, Access Vector is a part of Exploitability, while Integrity and Availability are parts of Impact, and Remediation relates to something outside the Base Metric.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy