Systems Security Certified Practitioner – SSCP – Question0582

The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

A.
Threat
B. Exposure
C. Vulnerability
D. Risk

Correct Answer: C

Explanation:

A vulnerability is a weakness in a system that can be exploited by a threat. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 237.