Which of the following lists are valid data-gathering activities associated with a risk assessment?
A.
Threat identification,vulnerability identification,control analysis
B.
Threat identification,response identification,mitigation identification
C.
Attack profile,defense profile,loss profile
D.
System profile,vulnerability identification,security determination
D is the Ans.