Which of the following is the best description of vulnerability assessment?
A.
Determining what threats exist to your network.
B.
Determining the impact to your network if a threat is exploited.
C.
Determining the weaknesses in your network that would allow a threat to be exploited
D.
Determining the likelihood of a given threat being exploited.
Explanation:
Weaknesses in your network due to inherent technology weaknesses, mis-configuration, or lapses in security are vulnerabilities.Answer option A is incorrect. Determining the threats to your network is threat assessment not vulnerability assessment. In fact this phase is done before vulnerability assessment Answer option D is incorrect. Determining the likelihood of a given attack is likelihood assessment.
This would be done after vulnerability assessment.Answer option B is incorrect. Impact analysis is certainly important, but this is done after vulnerability assessment.