COPY: Cybersecurity CH3: Information Risk Assessment by Dr. Sanaa Taha

Questions and Answers

What does the CVSS model aim to provide?

• An encrypted communication channel
• An open source framework
• A common way to describe vulnerabilities (correct)
• A closed system for measuring vulnerabilities

What is defined as a vulnerability by the CVSS model?

• A security feature of an application
• A weakness of a device or application that could lead to a failure of confidentiality, integrity, or availability (correct)
• A strength of a system
• A minor bug in the system

What is the highest numeric value a vulnerability can be assigned on the CVSS scale?

• 1.0
• 100.0
• 10.0 (correct)
• 5.0

Which standard recommends the use of CVSS for evaluating vulnerabilities?

PCI DSS (A)

What is the main purpose of the Common Vulnerabilities and Exposures (CVE) dictionary identifier?

To uniquely identify vulnerabilities (A)

'CVSS Metrics' assigns a numeric value on a scale from _____ to _____?

-10.0 to 10.0 (A)

What is NOT included in each NVD entry?

A software patch to fix the vulnerability (B)

What is the maximum CVSS score that can represent the most severe security issue?

10.0 (C)

What is the purpose of CVSS metrics?

To generate numeric scores based on vulnerability characteristics (A)

What is the main goal of providing links to websites and references in each NVD entry?

To help users find solutions for vulnerabilities (C)