What is called an event or activity that has the potential to cause harm to the information systems or networks?

A.
Vulnerability

B.
Threat agent

C.
Weakness

D.
Threat

Explanation:
A threat is any potential danger that is associated with the exploitation of a vulnerability. The threat is that
someone, or something, will identify a specific vulnerability and use it against the company or individual. The
entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder
accessing the network through a port on the firewall, a process accessing data in a way that violates the
security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could
expose confidential information.
Incorrect Answers:
A: Vulnerability is what can be exploited by a threat agent. It is not an event or activity that has the potential to
cause harm to the information systems or networks.
B: Threat agent is what can exploit a vulnerability. It is not an event or activity that has the potential to cause
harm to the information systems or networks.
C: A weakness is another work for vulnerability. It is not an event or activity that has the potential to cause harm
to the information systems or networks.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26