CompTIA Security Plus Mock Test Q490

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

A. Risk
B. Asset
C. Threat
D. Vulnerability

Correct Answer: C
Section: Compliance and Operational Security

Threat is basically anything that can take advantage of any vulnerability that may be found. When the CIO realizes that the company cannot continue to operate after a disaster, the disaster is then the threat to the company.

Incorrect Answers:
A: Risk is two-fold in that it can be risk identification and risk calculation in any case it is part of a company’s security endeavor, not the disaster per se.
B: Asset would be a description of the company and its value not the disaster.
D: Vulnerability is a weakness or an error in a security protection of a system or a company.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 83