CompTIA CySA+ (CS0-003) — Question 414

An analyst reviews a recent government alert on new zero-day threats and finds the following CVE metrics for the most critical of the vulnerabilities:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:R

Which of the following represents the exploit code maturity of this critical vulnerability?

Answer options

• A. E:U
• B. S:C
• C. RC:R
• D. AV:N
• E. AC:L

Correct answer: A

Explanation

The correct answer is A, E:U, which stands for 'Exploit code maturity: Unproven.' This indicates that there is no known exploit code available for the vulnerability yet. The other options refer to different CVSS metrics: S:C indicates the scope, RC:R represents the remediation level, AV:N denotes the attack vector, and AC:L signifies the attack complexity, none of which pertain to exploit code maturity.