Which three things must be considered for the design, planning, and implementation of access control mechanisms? (Choose three)
A.
Exposures
B.
Objectives
C.
Risks
D.
Vulnerabilities
E.
Threats
Explanation:
Threats, vulnerabilities, and risks are the three items that must be considered when designing access control mechanisms. Threats are possible violations, vulnerabilities are shortcomings in the system, and risks are measured by the likelihood that any particular threat may be carried out.