200-201 Question #421: Real Exam Question with Answer & Explanation
The correct answer is D: A vulnerability is the risk of exploiting a weakness in the application, and the target application.
Question
What is the difference between a vulnerability and an attack surface?
Options
- A. A vulnerability is unsanitized user input sent to exploit a web application, and the browser is the
- B. The attack surface is the SQL injection targeted on the database, and the database is the
- C. The attack surface is a sum of measured risks for a particular asset, and the vulnerability is an
- D. A vulnerability is the risk of exploiting a weakness in the application, and the target application
Explanation
A vulnerability refers to a specific weakness in a system, application, or network that could be exploited by an attacker to cause harm. For example, a software flaw, misconfiguration, or lack of input validation could be vulnerabilities. An attack surface is the total set of points (interfaces, applications, or devices) in a system or network that an attacker can use to try to exploit vulnerabilities. This includes web applications, network interfaces, or even users themselves.