A Linux administrator is reviewing a security bulletin for a vulnerability found in a library used on their servers. The bulletin provides a CVSS v3.1 score. The administrator understands that the overall score is composed of several metric groups. Which metric group represents the intrinsic qualities of a vulnerability that are constant over time and across different user environments?
The correct answer is Base Score Metrics. The Common Vulnerability Scoring System (CVSS) is composed of three metric groups: Base, Temporal, and Environmental. The Base Score Metrics represent the inherent characteristics of a vulnerability, such as the attack vector and impact on confidentiality, which do not change over time or with different environments. The Temporal Score Metrics account for factors that change over time, like the availability of an exploit or a patch. The Environmental Score Metrics allow an organization to tailor the score to their specific environment, considering factors like security requirements and mitigating controls. Vulnerability Priority Rating (VPR) is a separate rating system used by vendors like Tenable and is not a standard CVSS metric group.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What information is included in the Base Score Metrics?
Open an interactive chat with Bash
How are the Temporal and Environmental Metric groups different from the Base Score Metrics?
Open an interactive chat with Bash
What is the Vulnerability Priority Rating (VPR), and how does it differ from CVSS v3.1 scores?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access