CompTIA CySA+ (CS0-003) — Question 495

Given the following CVSS string:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Which of the following attributes correctly describes this vulnerability?

Answer options

• A. A user is required to exploit this vulnerability.
• B. The vulnerability is network based.
• C. The vulnerability does not affect confidentiality.
• D. The complexity to exploit the vulnerability is high.

Correct answer: B

Explanation

The correct answer is B, as the 'AV:N' in the CVSS indicates that the attack vector is network-based. Option A is incorrect because 'PR:N' shows that no user interaction is required. Option C is wrong since 'C:H' denotes that confidentiality is highly impacted. Option D is not accurate because 'AC:L' indicates that the complexity to exploit is low, not high.