CISA QUESTION #1743
Question 1
In risk management terminology, what is the precise distinction between a threat and a vulnerability?
  • Threats are the exploitable paths through which a vulnerability manifests.
  • Threats represent risks that convert into vulnerabilities only when they actually occur.
  • A vulnerability is an exploitable pathway or weakness that enables a threat to materialise and cause harm. ✔️
  • A vulnerability is a negative event that will inevitably result in a loss when it takes place.
Correct Answer Explanation
A threat is any potential event or agent that could cause harm to an asset if it occurs. A vulnerability is a flaw, weakness, or gap in a system, process, or control that provides a pathway through which a threat can be realised. The two concepts are distinct but interdependent: a threat without a vulnerability cannot cause harm, and a vulnerability without a threat poses no immediate risk. Together, they define the concept of risk.