Certified Ethical Hacker (CEH v13) — Question 142

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

Answer options

• A. Temporal metric represents the inherent qualities of a vulnerability.
• B. Base metric represents the inherent qualities of a vulnerability.
• C. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation.
• D. Environmental metric involves the features that change during the lifetime of the vulnerability.

Correct answer: B

Explanation

The correct answer is B because the Base metric in CVSS assesses the intrinsic qualities of a vulnerability, such as its exploitability and impact. Option A is incorrect because the Temporal metric does not represent inherent qualities but rather changes over time. Option C mischaracterizes the Temporal metric, which does not focus on specific environments, and option D wrongly defines the Environmental metric, which actually considers the context in which the vulnerability exists.