Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA CAS-005 Exam - Topic 3 Question 20 Discussion

Actual exam question for CompTIA's CAS-005 exam
Question #: 20
Topic #: 3
[All CAS-005 Questions]

[Security Architecture]

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

Show Suggested Answer Hide Answer
Suggested Answer: A, E, F

The Common Vulnerability Scoring System (CVSS) v3.1 uses three metric groups to calculate overall scores:Base,Temporal, andEnvironmental.

Base (E):Mandatory metrics assessing exploitability (e.g., attack vector) and impact (confidentiality, integrity, availability).

Temporal (A):Optional metrics reflecting the current state of the vulnerability (e.g., exploit availability, remediation level).

Environmental (F):Optional metrics tailoring the score to the organization's context (e.g., security requirements).

B, C, D (Availability, Integrity, Confidentiality):These are subcomponents of the Base Impact metrics, not standalone groups.

G (Impact):A categorywithin Base, not a group.

H (Attack vector):A single Base metric, not a group.


by Nu at Nov 19, 2025, 01:33 PM

Limited Time Offer

25%

Off

Get Premium CAS-005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kattie
1 month ago
Exactly! Without all three, the remediation might miss critical vulnerabilities.
upvoted 0 times
...
Jaime
1 month ago
I feel like understanding all three is essential for accurate prioritization.
upvoted 0 times
...
Tresa
2 months ago
Environmental metrics help tailor the score to specific environments.
upvoted 0 times
...
Kati
2 months ago
Don't forget about Temporal metrics. They show how the threat evolves.
upvoted 0 times
...
India
2 months ago
Agreed! Base metrics are crucial for the initial score.
upvoted 0 times
...
Lashunda
2 months ago
I think the analyst needs to focus on the Base, Temporal, and Environmental metrics.
upvoted 0 times
...
Lisandra
2 months ago
Wow, I didn't know Environmental was a factor!
upvoted 0 times
...
Evangelina
2 months ago
I thought you only needed Base and Temporal.
upvoted 0 times
...
Gail
3 months ago
Wait, are you sure about Environmental? Seems less important.
upvoted 0 times
...
Dana
3 months ago
Totally agree, those are the key ones!
upvoted 0 times
...
Paulina
3 months ago
You need the Base, Temporal, and Environmental metrics.
upvoted 0 times
...
Chauncey
4 months ago
Ah, the age-old question of CVSS metrics. I'll just consult my trusty cybersecurity crystal ball.
upvoted 0 times
...
Jannette
4 months ago
I'm just here for the free snacks. What do these CVSS things have to do with my love of cookies?
upvoted 0 times
...
Fidelia
4 months ago
I heard the correct answer is Attack Vector, Attack Complexity, and Privileges Required. Nailed it!
upvoted 0 times
...
Lavina
4 months ago
Don't forget the Scope and User Interaction factors. Gotta have a complete picture for those CVSS scores!
upvoted 0 times
...
Precious
4 months ago
Definitely need to look at the Confidentiality, Integrity, and Availability impact as well. Can't forget those key metrics!
upvoted 0 times
...
Annice
4 months ago
The analyst would need to determine the Attack Vector, Attack Complexity, and Privileges Required to get the overall CVSS scores.
upvoted 0 times
...
Janet
5 months ago
I’m pretty confident that Base metrics are essential, but I’m a bit confused about whether we need Temporal or Environmental for the overall score.
upvoted 0 times
...
Franklyn
5 months ago
Got it, the three metric groups are base, temporal, and environmental. That makes sense to get the full picture for prioritizing remediation. I feel pretty confident I can answer this question now.
upvoted 0 times
...
Brittni
5 months ago
Okay, for CVSS scoring, we need to consider the base metrics, which cover the vulnerability characteristics. Then there are the temporal metrics for the current state of the vulnerability, and the environmental metrics for the specific organization.
upvoted 0 times
...
Janet
5 months ago
I remember practicing a question about CVSS scores, and I think the Base metrics are definitely one of them. Not sure about the other two though.
upvoted 0 times
...
Lisha
6 months ago
I feel like Temporal metrics might be important for understanding how quickly a vulnerability can be exploited, but I can't recall the third one.
upvoted 0 times
...
Devora
6 months ago
I think we need to look at the Base, Temporal, and Environmental metrics, but I'm not entirely sure if Environmental is always necessary.
upvoted 0 times
...
Claribel
6 months ago
Hmm, I'm a bit unsure about this. I know CVSS has different metric groups, but I can't remember which ones exactly. I'll have to review my notes.
upvoted 0 times
...
Laurel
6 months ago
I think I know this one. We need to look at the base, temporal, and environmental metric groups to calculate the overall CVSS score.
upvoted 0 times
Reita
21 days ago
It's all about getting a comprehensive view of the vulnerabilities!
upvoted 0 times
...
Danica
26 days ago
Environmental metrics help tailor the score to specific situations.
upvoted 0 times
...
Antonio
1 month ago
Don't forget about the temporal metrics, they can change over time.
upvoted 0 times
...
Roxane
5 months ago
Base metrics are definitely the starting point!
upvoted 0 times
...
Fannie
5 months ago
I agree, those three groups are essential for the CVSS score.
upvoted 0 times
...
...

Save Cancel