Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Practice > (7) CVSS Common Vulnerability Scoring System > Flashcards

(7) CVSS Common Vulnerability Scoring System Flashcards

1
Q

What is the Common Vulnerability Scoring System (CVSS)?

A

The CVSS is an industry standard for assessing the severity of security vulnerabilities.

It provides a technique for scoring each vulnerability on a variety of measures.

Each measure has a descriptive rating and a score

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What do the first four measures of the Common Vulnerability Scoring System (CVSS) evaluate, and what do the last three evaluate? How about the eighth (and final) one?

A

The first four measures of the CVSS evaluate the exploitability of the vulnerability, while the last three evaluate the impact of the vulnerability.

The eight is about scope.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In the Common Vulnerability Scoring System (CVSS), what is the Attack Vector (AV)?

A

The AV metric describes how an attacker would exploit the vulnerability and is assigned according to various values which are Physical (P), Local (L), Adjacent Network (A), Network (N)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Within the Common Vulnerability Scoring System (CVSS), describe the attack complexity metric

A

The attack complexity metric describes the difficulty of exploiting the vulnerability and is assigned according to two values, which are High (H), and Low (L)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Within the Common Vulnerability Scoring System (CVSS), what is the Privileges Required (PR) Metric?

A

The PR metric describes the type of account access that an attack would need to take advantage of a vulnerability and is assigned to three values, High (H), Low (L), and None (N)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Within the Common Vulnerability Scoring System (CVSS), describe the User Interaction Metric

A

The User Interaction (UI) metric describes if the attacker needs to involve another person in the attack. It is assigned according to two values, None (N), and Required (R)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Within the Common Vulnerability Scoring System (CVSS), describe the Integrity Metric

A

The Integrity metric describes the type of information that might happen if an attacker exploits the vulnerability. It is assigned according to these values, None (N), Low (L), High (H)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Within the Common Vulnerability Scoring System, describe the Availability Metric

A

The availability metric describes the type of disruption that might occur if an attacker succeeds in what they are trying to do. It is assigned based on these values, None (N), Low (L), High (H)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

within the Common Vulnerability Scoring System (CVSS), describe the Scope Metric

A

The Scope Metric describes if the vulnerability can affect system components beyond the scope of the vulnerability. The metric is assigned according to these values, Unchanged (U), and Changed (C)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Within the Common Vulnerability Scoring System (CVSS), what is the CVSS vector?

A

The CVSS vector uses a single line format to refer the ratings of a vulnerability on all CVSS metrics.

The vector contains nine components, Attack Vector, Attack Complexity, Privileges Required, User interaction, Scope, Confidentiality, Integrity, Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Within the Common Vulnerability Scoring System (CVSS), what is the CVSS base score?

A

The CVSS base score is a single number representing the overall risk posed by the vulnerability.

To get the base score, one must calculate the exploitability score, impact score, and impact function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Within the Common Vulnerability Scoring System, what is the Impact Sub Score (ISS)?

A

The metric summarizes the three impact metrics using the formula

ISS = 1 - [(1 - Confidentiality) x (1 - Integrity) x (1 - Availability)]

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

within the Common Vulnerability Scoring System (CVSS), when calculating the impact score, what value must we take into account?

A

To calculate the impact score from the impact sub score, we have to take the value of the scope metric into consideration.

If the scope metric is unchanged, then the ISS is multiplied by 6.42.

Impact = X.XX * ISS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Considering the Common Vulnerability Scoring System (CVSS), when calculating the impact sub score, if the scope metric is changed, how are the calculations performed?

A

While calculating the impact sub score, If the scope metric is changed, the formula is:

Impact = X.XX x (ISS - 0.029) - 3.25 x (ISS - 0.02)^15

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Within the Common Vulnerability Scoring System (CVSS), what is exploitability and weaponization?

A

Exploitability is a measure of how likely it is that an attacker will use a vulnerability to gain access to a system.

Weaponization is the ability of an attacker to make an exploit that leverages a vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Within the Common Vulnerability Scoring System (CVSS), how is exploitability calculated?

A

Exploitability is calculated with this formula:

Exploitability = 8.22 x AttackVector X AttackComplexity X PrivilegesRequired X UserInteraction

17
Q

Considering the Common Vulnerability Scoring System (CVSS), when trying to calculate the base score, if the impact is 0, what is the base score?

Also, is the scope metric is unchanged, how is the base score calculated?

A

If the impact is 0, so is the base score

If the scope metric is not changed, the base score is calculated by adding together the impact and exploitability scores and multiplying the result by 1.08

18
Q

Considering the Common Vulnerability Scoring System (CVSS), when calculating the base score, if the scope metric is changed, how is the base score calculated?
Also, what is the highest possible base score?

A

If the scope metric is changed, the base score is calculated by adding together the impact and exploitability scores and then multiplying the result by 1.08

The highest possible base score is 10, if the score you calculate is more than 10, set the score to 10

19
Q

What is the Common Vulnerability Scoring System Qualitative Severity Rating Scale (CVSS Qualitative Severity Scale)?

A

The CVSS Qualitative Severity Scale further summarizes the CVSS results by using risk categories instead of numeric risk ratings

20
Q

Considering the Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating Scale, what are the five categories that can be used as a result of the calculations?

A

0 = None

0.1-3.9 = Low

4.0-6.9 = Medium

7.0-8.9 = High

9.0-10.0 - Critical

Practice (89 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions