312-50V11 · Question #711
It is an entity or event with the potential to adversely impact a system through unauthorized acces, destruction, disclosure, denial of service or modification of data. Which of the following terms be
The correct answer is C. Threat. The definition describes a Threat - any entity or event with the potential to cause harm to a system through unauthorized actions.
Question
It is an entity or event with the potential to adversely impact a system through unauthorized acces, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?
Options
- AAttack
- BVulnerability
- CThreat
- DRisk
How the community answered
(21 responses)- C95% (20)
- D5% (1)
Why each option
The definition describes a Threat - any entity or event with the potential to cause harm to a system through unauthorized actions.
An attack is the actual execution or attempt to exploit a vulnerability, not merely the potential to cause harm.
A vulnerability is a specific weakness or flaw in a system that can be exploited, not the external entity or event that could cause harm.
In information security, a threat is formally defined as any circumstance or event with the potential to adversely impact organizational operations or assets through unauthorized access, destruction, disclosure, denial of service, or data modification. This definition aligns precisely with the NIST and CEH frameworks, which distinguish a threat from a risk (likelihood x impact) or a vulnerability (exploitable weakness). The threat itself does not require active exploitation - only the potential for harm.
Risk is the probability that a threat will exploit a vulnerability combined with the resulting impact, not the threat itself.
Concept tested: Information security threat definition and taxonomy
Source: https://csrc.nist.gov/glossary/term/threat
Topics
Community Discussion
No community discussion yet for this question.