CompTIA PenTest+ (PT0-001) — Question 60

A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0. Which of the following levels of difficulty would be required to exploit this vulnerability?

Answer options

• A. Very difficult; perimeter systems are usually behind a firewall.
• B. Somewhat difficult; would require significant processing power to exploit.
• C. Trivial; little effort is required to exploit this finding.
• D. Impossible; external hosts are hardened to protect against attacks.

Correct answer: C

Explanation

A CVSS base score of 10.0 indicates a critical vulnerability that is easy to exploit, thus the correct answer is C, as it requires minimal effort. The other options suggest varying degrees of difficulty which do not align with the severity indicated by such a high CVSS score.