
GCFA Question #178: Real Exam Question with Answer & Explanation

The correct answer is A. Threat Identification. NIST SP 800-30 defines Threat Identification as the specific risk assessment step whose goal is to identify potential threat-sources and produce a threat statement applicable to the IT system being evaluated.

Question

Which of the following NIST RA process steps has the goal to identify the potential threat-sources and compile a threat statement listing the potential threat-sources that are applicable to the IT system being evaluated?

Options

  • A. Threat Identification
  • B. Vulnerability Identification
  • C. Impact Analysis
  • D. Control Analysis

Explanation

NIST SP 800-30 defines Threat Identification as the specific risk assessment step whose goal is to identify potential threat-sources and produce a threat statement applicable to the IT system being evaluated.

Common mistakes.

  • B. Vulnerability Identification is the step focused on discovering and cataloging weaknesses in the system itself, not on identifying the external or internal sources of threats.
  • C. Impact Analysis assesses the potential adverse consequences to the organization if a threat successfully exploits a vulnerability, occurring after threat and vulnerability identification are complete.
  • D. Control Analysis examines current and planned safeguards to determine whether they adequately reduce the likelihood of a threat exploiting a vulnerability, not to enumerate threat-sources.

Concept tested. NIST SP 800-30 risk assessment threat identification step

Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
