312-50V10 · Question #711
It is an entity or event with the potential to adversely impact a system through unauthorized acces, destruction, disclosure, denial of service or modification of data. Which of the following terms be
The correct answer is C. Threat. This question tests knowledge of core information security terminology, specifically the definition of a threat as a potential source of harm to a system.
Question
It is an entity or event with the potential to adversely impact a system through unauthorized acces, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?
Options
- AAttack
- BVulnerability
- CThreat
- DRisk
How the community answered
(28 responses)- A4% (1)
- B4% (1)
- C86% (24)
- D7% (2)
Why each option
This question tests knowledge of core information security terminology, specifically the definition of a threat as a potential source of harm to a system.
An attack is the actual deliberate action taken to exploit a vulnerability, meaning it is an active event rather than a potential one.
A vulnerability is a weakness or flaw in a system, process, or control that could be exploited - it describes a condition, not an entity or event.
A threat is defined as any entity, circumstance, or event with the potential to adversely impact organizational operations or assets through unauthorized access, destruction, disclosure, modification of data, or denial of service. This aligns precisely with NIST and ISC2 definitions used across security certifications. The key distinguishing word is 'potential' - a threat has not yet materialized into an actual attack.
Risk is the probability that a threat will exploit a vulnerability combined with the resulting impact, making it a calculated measure rather than the threat itself.
Concept tested: Core information security terminology - threat definition
Source: https://csrc.nist.gov/glossary/term/threat
Topics
Community Discussion
No community discussion yet for this question.