CompTIA Security Plus Mock Test Q490

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

A. Risk
B. Asset
C. Threat
D. Vulnerability

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
Threat is basically anything that can take advantage of any vulnerability that may be found. When the CIO realizes that the company cannot continue to operate after a disaster, the disaster is then the threat to the company.

Incorrect Answers:
A: Risk is two-fold in that it can be risk identification and risk calculation in any case it is part of a company’s security endeavor, not the disaster per se.
B: Asset would be a description of the company and its value not the disaster.
D: Vulnerability is a weakness or an error in a security protection of a system or a company.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 83