Certified Ethical Hacker (CEH v12) — Question 128
During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?
Answer options
- A. Temporal metric represents the inherent qualities of a vulnerability.
- B. Base metric represents the inherent qualities of a vulnerability.
- C. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation.
- D. Environmental metric involves the features that change during the lifetime of the vulnerability.
Correct answer: B
Explanation
The correct answer is B because the Base metric in CVSS reflects the inherent and fundamental characteristics of a vulnerability, which remain stable over time. Option A is incorrect because it assigns the Base metric's definition to the Temporal metric; the Temporal metric covers the features that change during the lifetime of the vulnerability. Option C is incorrect because measuring a vulnerability against a specific environment or implementation describes the Environmental metric, not the Temporal metric. Option D is incorrect because features that change during the lifetime of the vulnerability describe the Temporal metric, whereas the Environmental metric concerns contextual factors.