
ISC2 SSCP Exam - Topic 1 Question 108 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 108
Topic #: 1

What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?

Suggested Answer: C

Threat analysis is the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.

The following answers are incorrect:

Risk analysis is the process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact.

Risk analysis is synonymous with risk assessment and part of risk management, which is the ongoing process of assessing the risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate, cost-effective controls to achieve and maintain an acceptable level of risk.

Due Diligence is identifying possible risks that could affect a company based on best practices and standards.

Reference(s) used for this question:

STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page B-3).


Dyan
12 hours ago
A) Risk management is too broad for this question.
upvoted 0 times
...
Omega
6 days ago
I thought it was C) Threat analysis. Seems more fitting.
upvoted 0 times
...
Ceola
11 days ago
Risk analysis is the way to go. It's like playing a game of chess, but with cybersecurity as the board.
upvoted 0 times
...
Stefania
16 days ago
Threat analysis, for sure. Gotta know what's lurking in the shadows, am I right?
upvoted 0 times
...
Sharmaine
21 days ago
A) Risk management, all the way! Manage that risk like a pro.
upvoted 0 times
...
Elvera
26 days ago
B) Risk analysis is the way to go. Gotta weigh those risks, baby!
upvoted 0 times
...
Lonna
1 month ago
I feel like due diligence is more about compliance and not really focused on threats and vulnerabilities, so I’m leaning towards risk analysis or threat analysis.
upvoted 0 times
...
Junita
1 month ago
I'm a bit confused; I thought risk management covered this kind of evaluation, but now I'm second-guessing myself.
upvoted 0 times
...
Josefa
1 month ago
I remember practicing a question similar to this, and I think it was about identifying threats specifically, so maybe it's threat analysis?
upvoted 0 times
...
Myra
2 months ago
I'm a bit confused by the wording here. I'll need to re-read the question and options a few times to make sure I understand what it's asking.
upvoted 0 times
...
Paul
2 months ago
This seems straightforward. The question is directly asking about the examination of threats and vulnerabilities, so I'm going with C) Threat analysis.
upvoted 0 times
...
Ma
2 months ago
Okay, I've got it - the key here is that it's specifically about examining threat sources against system vulnerabilities. That sounds like threat analysis to me.
upvoted 0 times
...
Larae
2 months ago
I think this might be related to risk analysis, but I'm not entirely sure if that's the best fit for the definition given.
upvoted 0 times
...
Sherill
2 months ago
C) Threat analysis seems like the correct answer here. Gotta identify those threats, you know?
upvoted 0 times
...
Louann
2 months ago
Definitely B) Risk analysis. That's the right term!
upvoted 0 times
...
Estrella
3 months ago
C) Threat analysis is specific to threats and vulnerabilities.
upvoted 0 times
...
Tayna
3 months ago
D) Due diligence? Really? That's like trying to put out a fire with a water gun.
upvoted 0 times
...
Kenny
3 months ago
Hmm, I'm not totally sure about this one. I'll need to think it through carefully and consider the differences between the options.
upvoted 0 times
...
Geoffrey
3 months ago
I think this is asking about risk analysis - looking at threats and vulnerabilities to determine the risks for a system.
upvoted 0 times
...
