COPY: Cybersecurity CH3: Information Risk Assessment by Dr. Sanaa Taha

Questions and Answers

What does the CVSS model aim to provide?

A common way to describe vulnerabilities

What is defined as a vulnerability by the CVSS model?

A weakness of a device or application that could lead to a failure of confidentiality, integrity, or availability

What is the highest numeric value a vulnerability can be assigned on the CVSS scale?

10.0

Which standard recommends the use of CVSS for evaluating vulnerabilities?

PCI DSS

What is the main purpose of the Common Vulnerabilities and Exposures (CVE) dictionary identifier?

To uniquely identify vulnerabilities

'CVSS Metrics' assigns a numeric value on a scale from _____ to _____?

-10.0 to 10.0

What is NOT included in each NVD entry?

A software patch to fix the vulnerability

What is the maximum CVSS score that can represent the most severe security issue?

10.0

What is the purpose of CVSS metrics?

To generate numeric scores based on vulnerability characteristics

What is the main goal of providing links to websites and references in each NVD entry?

To help users find solutions for vulnerabilities