Three things that must be considered for the planning and implementation
of access control mechanisms are:
A.
Threats, assets, and objectives.
B.
Threats, vulnerabilities, and risks.
C.
Vulnerabilities, secret keys, and exposures.
D.
Exposures, threats, and countermeasures.
Explanation:
The correct answer is “Threats, vulnerabilities, and risks”. Threats define the possible source of
security
policy violations; vulnerabilities describe weaknesses in the system
that might be exploited by the threats; and the risk determines the
probability of threats being realized. All three items must be present to
meaningfully apply access control. Therefore, the other answers are
incorrect.