Which of the following represents lack of adequate controls?
A.
Vulnerability
B.
Threat
C.
Asset
D.
Impact
Explanation:
Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing
harm to the information systems or networks. It can exist in hardware, operating systems,
firmware, applications, and configuration files. Hence lack of adequate controls represents
vulnerability and would ultimately cause threat to the enterprise.
Answer B is incorrect. Threat is the potential cause of unwanted incident.
Answer D is incorrect. Impact is the measure of the financial loss that the threat event may have.
Answer C is incorrect. Assets are economic resources that are tangible or intangible, and is
capable of being owned or controlled to produce value.