nerdexam
(ISC)2

CISSP · Question #26

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

The correct answer is C. Identifying the number of security flaws within the system. Identifying the number of security flaws within the system is the best assessment metric to understand a system's vulnerability to potential exploits. A security flaw is a weakness or a defect in the system's design, implementation, or operation that could be exploited by an atta

Submitted by fatima_kr· Mar 5, 2026Security Assessment and Testing

Question

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

Options

  • ADetermining the probability that the system functions safely during any time period
  • BQuantifying the system's available services
  • CIdentifying the number of security flaws within the system
  • DMeasuring the system's integrity in the presence of failure

How the community answered

(19 responses)
  • A
    5% (1)
  • C
    95% (18)

Explanation

Identifying the number of security flaws within the system is the best assessment metric to understand a system's vulnerability to potential exploits. A security flaw is a weakness or a defect in the system's design, implementation, or operation that could be exploited by an attacker to compromise the system's confidentiality, integrity, or availability. By identifying the number of security flaws within the system, the assessor can measure the system's vulnerability, which is the degree to which the system is susceptible or exposed to attacks. Determining the probability that the system functions safely during any time period, quantifying the system's available services, and measuring the system's integrity in the presence of failure are not assessment metrics that directly relate to the system's vulnerability to potential exploits, as they are more concerned with the system's reliability, availability, and resilience.

Topics

#vulnerability assessment#exploit likelihood#security flaws#system assessment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice