CompTIA CySA+ (CS0-003) — Question 444

A security analyst reviews the latest vulnerability scans and observes there are vulnerabilities with similar CVSSv3 scores but different base score metrics. Which of the following attack vectors should the analyst remediate first?

Answer options

• A. CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• B. CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• C. CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• D. CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Correct answer: C

Explanation

The correct answer is C because it represents a network attack vector (AV:N), which generally allows for remote exploitation without physical access, making it potentially more dangerous than the others. Options A, B, and D represent attack vectors that require physical (AV:P) or local (AV:A, AV:L) access, which typically limits the scope of the attack.