Which of the following best describes a vulnerability?

  1. A weakness that could be exploited ✓
  2. An active attack on a system
  3. A configuration that improves security
  4. A successful breach of security

Correct answer: A weakness that could be exploited

Option A is correct because in security terminology a vulnerability is a weakness, flaw, or gap in a system's design, implementation, or operation that could be exploited by a threat actor to compromise confidentiality, integrity, or availability. Option B is incorrect because an active attack describes a threat in progress; a vulnerability is a latent weakness that exists regardless of whether it is being actively exploited. Option C is incorrect because a security-improving configuration is a control or countermeasure, which is the opposite of a vulnerability. Option D is incorrect because a successful breach describes an incident or impact, which occurs when a threat actor exploits a vulnerability, not the vulnerability itself.

Topic: · vulnerability, threat, risk management, penetration testing

Practice CompTIA PenTest+ (PT0-002) Questions Free