CERTIFIED-IN-CYBERSECURITY · Question #411
CERTIFIED-IN-CYBERSECURITY Question #411: Real Exam Question with Answer & Explanation
The correct answer is A: Risk.
Question
What is the term used to describe the combination of the likelihood of a threat and the potential impact of the threat?
Options
- A. Risk
- B. Vulnerability
- C. Zero-Day
- D. Breach
Explanation
In cybersecurity, risk is defined as the potential for loss or damage if a threat exploits a vulnerability. Risk is calculated as a function of the likelihood that a particular threat will trigger or exploit a particular vulnerability and the resulting impact on the organization. This concept is a cornerstone of risk management and is often used to determine the appropriate level of security controls and measures (see ISC2 Study Guide Chapter 2, Module 1).

For example, consider a software company that discovers a vulnerability in its product. The risk is determined by the likelihood of a threat actor discovering and exploiting this vulnerability and the potential impact, such as financial loss or damage to the company's reputation.

The other options do not fit the definition. A breach (D) is an incident in which unauthorized individuals gain access to secure data or systems; it does not represent the combination of threat probability and potential impact. A zero-day (C) is a vulnerability that is unknown to those who should be interested in mitigating it, such as the software vendor; it likewise does not represent that combination. Finally, a vulnerability (B) is a weakness in a system that a threat can exploit, not the combination of threat likelihood and potential impact.