nerdexam
EC-Council

312-50V10 · Question #789

Which of the following steps for risk assessment methodology refers to vulnerability identification?

The correct answer is D. Determines if any flaws exist in systems, policies, or procedures. In risk assessment methodology, vulnerability identification is the step that determines whether flaws exist in systems, policies, or procedures that could be exploited by a threat.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Options

  • AAssigns values to risk probabilities; Impact values
  • BDetermines risk probability that vulnerability will be exploited (High, Medium, Low)
  • CIdentifies sources of harm to an IT system (Natural, Human, Environmental)
  • DDetermines if any flaws exist in systems, policies, or procedures

How the community answered

(27 responses)
  • A
    4% (1)
  • C
    4% (1)
  • D
    93% (25)

Why each option

In risk assessment methodology, vulnerability identification is the step that determines whether flaws exist in systems, policies, or procedures that could be exploited by a threat.

AAssigns values to risk probabilities; Impact values

Assigning values to risk probabilities and impact values is part of risk analysis or quantitative risk assessment, not vulnerability identification.

BDetermines risk probability that vulnerability will be exploited (High, Medium, Low)

Determining the probability that a vulnerability will be exploited (High, Medium, Low) is the risk likelihood or probability assessment step, which occurs after vulnerabilities are already identified.

CIdentifies sources of harm to an IT system (Natural, Human, Environmental)

Identifying sources of harm such as natural, human, or environmental factors describes threat identification, which is a separate step from vulnerability identification.

DDetermines if any flaws exist in systems, policies, or proceduresCorrect

Vulnerability identification specifically involves examining IT systems, security policies, and operational procedures to detect weaknesses or flaws that could be exploited. This is a distinct step from threat identification or risk probability assessment, and it directly answers what assets are susceptible to harm.

Concept tested: Risk assessment methodology - vulnerability identification step

Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final

Topics

#risk assessment#vulnerability identification#risk methodology#IT system flaws

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice