CERTIFIED-IN-CYBERSECURITY · Question #384
The correct answer is A: ...an exploitable weakness or flaw in a system or component.
Question
A vulnerability is ...
Options
- A: ...an exploitable weakness or flaw in a system or component
- B: ...a possible event that can negatively impact the organization
- C: ...a means to gain access to systems
- D: ...an individual or a group using an exploit to defeat protection
Explanation
A vulnerability is a weakness or flaw in a system, network, or application that a threat actor can exploit to gain unauthorized access, disrupt operations, or perform other malicious activities. For example, a software flaw that allows an attacker to bypass authentication is a vulnerability (see ISC2 Study Guide, Chapter 1, Module 2). The other choices are wrong. Individuals or groups that use an exploit to bypass protection are threat actors, not vulnerabilities. A means of gaining access to systems is an exploit. An exploit is a method used by threat actors to take advantage of a vulnerability. A potential event that can negatively impact the organization is a risk. This is the potential for a vulnerability to be exploited by a threat.