Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

APMG-International ISO-IEC-27001-Foundation Exam - Topic 1 Question 6 Discussion

What is the definition of a threat according to ISO/IEC 27000?
A) A potential cause of an unwanted incident which can result in harm to a system or organization
B) A single or a series of unwanted or unexpected information security events
C) A weakness of an asset or a control that can be exploited
D) The risk remaining after risk treatment

APMG-International ISO-IEC-27001-Foundation Exam - Topic 1 Question 6 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 6
Topic #: 1
[All ISO-IEC-27001-Foundation Questions]

What is the definition of a threat according to ISO/IEC 27000?

Show Suggested Answer Hide Answer
Suggested Answer: A

Comprehensive and Detailed Explanation From Exact Extract ISO/IEC 27000 standards:

According to ISO/IEC 27000:2018, Clause 3.74, a threat is defined as:

''Potential cause of an unwanted incident, which can result in harm to a system or organization.''

This definition directly matches option A.

Option B refers to an ''information security incident'' (ISO/IEC 27000:2018, Clause 3.32).

Option C describes a ''vulnerability'' (ISO/IEC 27000:2018, Clause 3.67).

Option D refers to ''residual risk'' (ISO/IEC 27000:2018, Clause 3.61).

The standard emphasizes that threats exploit vulnerabilities, causing incidents that can harm information confidentiality, integrity, and availability. Correctly identifying threats is critical for risk assessment (Clause 6.1.2). Thus, the correct definition per ISO/IEC 27000 is A.


by Vashti at Oct 15, 2025, 10:55 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27001-Foundation Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dallas
3 months ago
A is clear and comprehensive. I’m going with that!
upvoted 0 times
...
Vilma
3 months ago
D doesn’t fit. It’s about risk after treatment, not threats.
upvoted 0 times
...
Gayla
3 months ago
C is interesting, but it’s more about weaknesses.
upvoted 0 times
...
Jina
4 months ago
B sounds tempting, but it’s too narrow.
upvoted 0 times
...
Rebeca
4 months ago
I agree, A feels right. It's about causes of incidents.
upvoted 0 times
...
Jesusa
4 months ago
I thought threats were just risks, this is new info!
upvoted 0 times
...
Viola
4 months ago
C sounds like a vulnerability, not a threat.
upvoted 0 times
...
Noel
4 months ago
Totally agree, it's all about potential causes.
upvoted 0 times
...
Phillip
4 months ago
Threats, vulnerabilities, and risks - oh my! Better brush up on your ISO/IEC 27000 terminology.
upvoted 0 times
...
Zona
5 months ago
D) is the definition of residual risk, not a threat. Time to hit the books again.
upvoted 0 times
...
Cassandra
5 months ago
C) sounds like the definition of a vulnerability, not a threat. Gotta pay closer attention in class.
upvoted 0 times
...
Eileen
5 months ago
I thought a threat was when your boss gives you a stern look. Guess I need to study more.
upvoted 0 times
...
Lina
5 months ago
A) is the correct definition of a threat according to ISO/IEC 27000.
upvoted 0 times
...
Luisa
5 months ago
Ugh, I hate questions that ask for specific definitions from standards. I'm going to have to guess on this one since I can't recall the exact wording.
upvoted 0 times
...
Elliott
6 months ago
A) is the right answer!
upvoted 0 times
...
Venita
6 months ago
Wait, isn't B more about events than threats?
upvoted 0 times
...
Sarah
6 months ago
I think A is the best choice. It covers potential harm.
upvoted 0 times
...
Anglea
6 months ago
The definition of a threat is definitely option A. I remember that clearly from my study materials. This should be a straightforward question.
upvoted 0 times
...
Marci
7 months ago
I'm a bit confused on this one. Is it asking for the definition of a threat, vulnerability, or risk? I want to make sure I select the right answer.
upvoted 0 times
...
Scot
7 months ago
Okay, let's see. A threat is a potential cause of an unwanted incident, right? I'm pretty sure that's the correct definition from the ISO standard.
upvoted 0 times
...
Justa
7 months ago
Hmm, I think this is asking for the ISO/IEC 27000 definition of a threat. I'll need to review my notes on that standard.
upvoted 0 times
Loreta
2 months ago
D is about risk, not a threat definition.
upvoted 0 times
...
Johnetta
2 months ago
C seems more about vulnerabilities, not threats.
upvoted 0 times
...
Rickie
2 months ago
I’m leaning towards B. It fits the context.
upvoted 0 times
...
Jani
6 months ago
I believe it's A. Sounds right to me.
upvoted 0 times
...
...
Jaleesa
7 months ago
I’m a bit confused; I thought threats were more about vulnerabilities, which makes me think of C, but that’s about weaknesses, right?
upvoted 0 times
...
Chaya
7 months ago
I practiced a similar question, and I think A is definitely the right choice because it talks about potential causes of incidents.
upvoted 0 times
...
Desmond
8 months ago
I remember studying this, and I feel like B sounds familiar too, but it might be more about incidents rather than threats.
upvoted 0 times
...
Dominga
8 months ago
I think a threat is related to potential harm, so I’m leaning towards A, but I’m not completely sure.
upvoted 0 times
...

Save Cancel