CompTIA CySA+ (CS0-002) — Question 165

A customer notifies a security analyst that a web application is vulnerable to information disclosure. The analyst needs to indicate the severity of the vulnerability based on its CVSS score, which the analyst needs to calculate. When analyzing the vulnerability, the analyst realizes that for the attack to be successful, the Tomcat configuration file must be modified. Which of the following values should the security analyst choose when evaluating the CVSS score?

Answer options

Correct answer: D

Explanation

The correct answer is D (Local): the attack succeeds only if the Tomcat configuration file, a local file, is modified, so an attacker must have local access to exploit the vulnerability. Options A (Network) and C (Adjacent) imply remote access, while B (Physical) suggests physical access, which is not applicable in this scenario.