PrepAway - Latest Free Exam Questions & Answers

What can be defined as an event that could cause harm to the information systems?

A. A risk

B. A threat

C. A vulnerability

D. A weakness

Explanation:
A threat is any potential danger that is associated with the exploitation of a vulnerability. The threat is that
someone, or something, will identify a specific vulnerability and use it against the company or individual. The
entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder
accessing the network through a port on the firewall, a process accessing data in a way that violates the
security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could
expose confidential information.
Incorrect Answers:
A: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact.
C: A vulnerability is the absence or weakness of a safeguard that could be exploited.
D: A weakness is the state of something being weak. For example, a weak security measure would be a
vulnerability. A weakness is not what is described in this question.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26

