Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 245

According to CVSS, what is attack complexity?

Answer options

• A. existing exploits available in the wild exploiting the vulnerability
• B. existing circumstances beyond the attacker's control to exploit the vulnerability
• C. number of actions an attacker should perform to exploit the vulnerability
• D. number of patches available for certain attack mitigation and how complex the workarounds are

Correct answer: B

Explanation

The correct answer, B, describes the factors outside the attacker's control that can impact their ability to exploit a vulnerability, which is a key component of attack complexity. Options A and C focus on the presence of exploits and the number of actions needed, respectively, which do not define attack complexity. Option D discusses patches and workarounds but does not relate directly to the concept of attack complexity as defined by CVSS.