Which statement best distinguishes threat, vulnerability, and risk?

Multiple Choice

Which statement best distinguishes threat, vulnerability, and risk?

Explanation:
Understanding how threat, vulnerability, and risk relate helps you assess security effectively. A threat is a potential danger or attacker that could cause harm. A vulnerability is a weakness in a system that could be exploited by that threat. Risk combines those ideas: it is the likelihood that the threat will exploit the vulnerability and the impact if it happens.

So the best statement matches that relationship: a threat is a potential danger, a vulnerability is a weakness, and risk is the likelihood and impact of a threat exploiting a vulnerability. For example, a weak password is a vulnerability; automated attacks are a threat; the chance of a breach and its consequences define the risk.

The other statements mischaracterize these concepts. A threat is not a vulnerability, patches address vulnerabilities, and risk is not unrelated to either. Threats and vulnerabilities are connected in calculating risk. And risk is not the probability that a system will never fail; it's about the chance of harm occurring and how severe that harm would be.
