Which three things must be considered for the design, planning, and implementation of access
control mechanisms? (Choose three)
A.
Exposures
B.
Objectives
C.
Risks
D.
Vulnerabilities
E.
Threats
Explanation:
Threats, vulnerabilities, and risks are the three items that must be considered when designing
access control mechanisms. Threats are possible violations, vulnerabilities are shortcomings in
the system, and risks are measured by the likelihood that any particular threat may be carried out.