Server CVE Quiz

George's server is being actively exploited by an attack. He discovers that it has a CVE of 2310 related to it. This CVE requires no user interaction or privilege escalation and has a big impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this threat?

George wants to complete some vulnerability scans on various devices in the network without affecting network traffic. Which of the following would best meet this requirement?

George has concerns about his employees who continue to click on unknown links sent from emails. In regard to CVSS criteria, which would he be most concerned with on the provided table?

A free security tool actively maintained by international volunteers. It automatically identifies web application security vulnerabilities during development and testing.

Security standard for ecommerce websites that accept Visa and Mastercard

Which of the following are considered passive vulnerability scanners?

Which of the following are considered web application scanners? (Pick 2)

Used to evaluate and rank reported vulnerabilities in a standardized and repeatable way

What is the impact to integrity identified in the following vector?

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

What is the impact to confidentiality identified in the following vector? CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H