CompTIA CySA+ (CS0-003) — Question 307

A security analyst is developing a script to filter firewall vulnerabilities. The script will impact the integrity of data hosted on devices connected to networks. Which of the following is a CVSS v4.0 that the analyst can use to test a true positive for the script?

Answer options

• A. AV:L/AC:H/AT:N/PR:L/VI:H/VC:H/VA:H/SC:N/SI:N/SA:N
• B. AV:N/AC:L/AT:N/PR:N/VI:N/VC:N/VA:N/SC:N/SI:H/SA:L
• C. AV:P/AC:L/AT:N/PR:H/VI:L/VC:L/VA:L/SC:N/SI:N/SA:N
• D. AV:A/AC:L/AT:N/PR:H/VI:N/VC:L/VA:L/SC:N/SI:N/SA:H

Correct answer: B

Explanation

Option B is correct because it indicates a network attack vector with low complexity and no privileges required, making it suitable for testing true positives without significant barriers. The other options either represent different attack vectors or complexity levels that do not align with the requirements for testing the script's effectiveness in this context.