CompTIA PenTest+ (PT0-001) — Question 189

A client needs to be PCI compliant and has external-facing web servers. Which of the following CVSS vulnerability scores would automatically bring the client out of compliance standards such as PCI 3.x?

Answer options

• A. 2.9
• B. 3.0
• C. 4.0
• D. 5.9

Correct answer: C

Explanation

A CVSS score of 4.0 indicates a medium severity vulnerability, which can have significant implications for security, particularly for external-facing servers that must adhere to PCI compliance. Scores of 2.9, 3.0, and 5.9 either fall below the threshold that would trigger non-compliance or do not represent the critical nature of vulnerabilities that would affect PCI standards.