BCS CISMP-V9 Exam - Topic 8 Question 110 Discussion

Actual exam question for BCS's CISMP-V9 exam

Question #: 110
Topic #: 8

[All CISMP-V9 Questions]

According to ISO/IEC 27000, which of the following is the definition of a vulnerability?

AA weakness of an asset or group of assets that can be exploited by one or more threats.

BThe impact of a cyber attack on an asset or group of assets.

CThe threat that an asset or group of assets may be damaged by an exploit.

DThe damage that has been caused by a weakness iin a system.

Show Suggested Answer

Suggested Answer: A

The term 'vulnerability' within the context of ISO/IEC 27000 refers to any weakness present in an asset or group of assets that could potentially be exploited by one or more threats. This definition aligns with the concept of vulnerability as a gap in protection efforts that, if not addressed, could allow a threat to compromise the confidentiality, integrity, or availability of an asset. It is important to note that vulnerabilities can be identified in various components of an organization's infrastructure, including hardware, software, processes, and even personnel. Effective information security management involves identifying these vulnerabilities through risk assessments and implementing appropriate controls to mitigate the risk of exploitation.

by Evan at Mar 31, 2026, 07:30 PM

Limited Time Offer

25%

1 month ago

I think a vulnerability is more about the weaknesses in a system, so I’m leaning towards option A.

upvoted 0 times

...