Which of the following is the best description of vulnerability assessment?

A.
Determining what threats exist to your network.

B.
Determining the impact to your network if a threat is exploited.

C.
Determining the weaknesses in your network that would allow a threat to be exploited

D.
Determining the likelihood of a given threat being exploited.

Explanation:
Weaknesses in your network due to inherent technology weaknesses, mis-configuration, or lapses in security are vulnerabilities.

Answer option A is incorrect. Determining the threats to your network is threat assessment not vulnerability assessment. In fact this phase is done before vulnerability assessment Answer option D is incorrect. Determining the likelihood of a given attack is likelihood assessment.
This would be done after vulnerability assessment.

Answer option B is incorrect. Impact analysis is certainly important, but this is done after vulnerability assessment.