CGRC Question #409: Real Exam Question with Answer & Explanation

The correct answer is A: Threat Scenario. A Threat Scenario is defined as a set of discrete threat events, associated with one or more specific threat sources, which are partially ordered in time, describing a potential sequence of actions. This concept helps in visualizing and analyzing potential attack paths.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time. Response:

Options

AThreat Scenario
BThreat Event
CThreat Source
DThreat Assessment

Explanation

A Threat Scenario is defined as a set of discrete threat events, associated with one or more specific threat sources, which are partially ordered in time, describing a potential sequence of actions. This concept helps in visualizing and analyzing potential attack paths.

Common mistakes.

B. A "Threat Event" is a single adverse event, not a set or sequence of events.
C. A "Threat Source" is the actor or entity causing a threat (e.g., hacker, natural disaster), not the sequence of events itself.
D. A "Threat Assessment" is the broader process of identifying and evaluating potential threats, not the specific definition of a timed sequence of threat events.

Concept tested. Definition of threat scenario

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-30r1.pdf

Topics

#Threat Scenario#Risk Terminology#Threat Events#Risk Management

Community Discussion

No community discussion yet for this question.

Full CGRC Practice Browse All CGRC Questions