A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.)
Note: The "Base" metrics provide the initial score, while the "Temporal" and "Environmental" metrics adjust the score based on the current state and the specific context, respectively. Metrics like "Availability," "Integrity," and "Confidentiality" are components within the Base metric group, and "Impact" and "Attack vector" are specific aspects that contribute to calculating the Base score.
CVSS scores are calculated using a formula consisting of vulnerability-based metrics. A CVSS score is derived from scores in these three groups: Base, Temporal and Environmental. Scores range from zero to 10, with zero representing the least severe and 10 representing the most severe.
A CVSS score is derived from scores in the following three metrics groups: Base, Temporal, Environmental.
See https://www.techtarget.com/searchsecurity/definition/CVSS-Common-Vulnerability-Scoring-System#:~:text=A%20CVSS%20score%20is%20derived%20from%20scores%20in,including%20its%20impact%20and%20environmental%20endurance%20over%20time.
The Common Vulnerability Scoring System (CVSS) is a method used to supply a qualitative measure of severity. CVSS is not a measure of risk. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics.
E. Base - This group includes metrics that are based on the characteristics of the vulnerability itself, such as the attack complexity, authentication requirements, and exploitability.
G. Impact - This group includes metrics that measure the potential impact of the vulnerability, such as the scope of the impact, the severity of the consequences, and the affected assets.
H. Attack vector - This group includes metrics that describe how the vulnerability is accessed or exploited, such as whether the attacker needs physical access or whether the vulnerability can be exploited remotely.
Base: This group contains the fundamental qualities of a vulnerability and includes metrics such as attack complexity and exploitability.
Temporal: This group contains qualities that change over time like patch level, availability of exploit code, and remediation level.
Environmental: This group contains qualities that are specific to an organization's environment such as business value and asset criticality.
A - Temporal
E - Base
F - Environmental
From the CompTIA official CASP+ Cert Guide
upvoted 3 times