PrepAway - Latest Free Exam Questions & Answers

The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

A. Threat

B. Exposure

C. Vulnerability

D. Risk

Explanation:
A vulnerability is defined as “the absence or weakness of a safeguard that could be exploited”.
A vulnerability is a lack of a countermeasure or a weakness in a countermeasure that is in place. It can be a software, hardware, procedural, or human weakness that can be exploited. A vulnerability may be a service running on a server, unpatched applications or operating systems, an unrestricted wireless access point, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations.
Incorrect Answers:
A: A threat is any potential danger that is associated with the exploitation of a vulnerability.
B: An exposure is an instance of being exposed to losses. A vulnerability exposes an organization to possible damages.
D: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26

