
ISC2 SSCP Exam - Topic 1 Question 108 Discussion

Actual exam question for ISC2's SSCP exam
Question #: 108
Topic #: 1

What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?

Suggested Answer: C

Threat analysis is the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.

The following answers are incorrect:

Risk analysis is the process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact.

Risk analysis is synonymous with risk assessment and part of risk management, which is the ongoing process of assessing the risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate, cost-effective controls to achieve and maintain an acceptable level of risk.

Due Diligence is identifying possible risks that could affect a company based on best practices and standards.

Reference(s) used for this question:

STONEBURNER, Gary et al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page B-3).


Contribute your Thoughts:

Carmen
1 day ago
B) Risk analysis is about assessing risks, not just threats.
upvoted 0 times
...
Blair
6 days ago
A) Risk management could work too, but it’s broader.
upvoted 0 times
...
Tawny
12 days ago
I agree, C) Threat analysis makes the most sense.
upvoted 0 times
...
Alba
17 days ago
I think it's C) Threat analysis. It fits the definition well.
upvoted 0 times
...
Veronika
22 days ago
I’m surprised this isn’t a trick question!
upvoted 0 times
...
Josefa
27 days ago
Wait, are we sure it's not D) Due diligence? Sounds legit too.
upvoted 0 times
...
Dyan
2 months ago
A) Risk management is too broad for this question.
upvoted 0 times
...
Omega
2 months ago
I thought it was C) Threat analysis. Seems more fitting.
upvoted 0 times
...
Ceola
2 months ago
Risk analysis is the way to go. It's like playing a game of chess, but with cybersecurity as the board.
upvoted 0 times
...
Stefania
2 months ago
Threat analysis, for sure. Gotta know what's lurking in the shadows, am I right?
upvoted 0 times
...
Sharmaine
2 months ago
A) Risk management, all the way! Manage that risk like a pro.
upvoted 0 times
...
Elvera
2 months ago
B) Risk analysis is the way to go. Gotta weigh those risks, baby!
upvoted 0 times
...
Lonna
3 months ago
I feel like due diligence is more about compliance and not really focused on threats and vulnerabilities, so I’m leaning towards risk analysis or threat analysis.
upvoted 0 times
...
Junita
3 months ago
I'm a bit confused; I thought risk management covered this kind of evaluation, but now I'm second-guessing myself.
upvoted 0 times
...
Josefa
3 months ago
I remember practicing a question similar to this, and I think it was about identifying threats specifically, so maybe it's threat analysis?
upvoted 0 times
...
Myra
3 months ago
I'm a bit confused by the wording here. I'll need to re-read the question and options a few times to make sure I understand what it's asking.
upvoted 0 times
...
Paul
3 months ago
This seems straightforward. The question is directly asking about the examination of threats and vulnerabilities, so I'm going with C) Threat analysis.
upvoted 0 times
...
Ma
3 months ago
Okay, I've got it - the key here is that it's specifically about examining threat sources against system vulnerabilities. That sounds like threat analysis to me.
upvoted 0 times
...
Larae
4 months ago
I think this might be related to risk analysis, but I'm not entirely sure if that's the best fit for the definition given.
upvoted 0 times
...
Sherill
4 months ago
C) Threat analysis seems like the correct answer here. Gotta identify those threats, you know?
upvoted 0 times
...
Louann
4 months ago
Definitely B) Risk analysis. That's the right term!
upvoted 0 times
...
Estrella
4 months ago
C) Threat analysis is specific to threats and vulnerabilities.
upvoted 0 times
...
Tayna
4 months ago
D) Due diligence? Really? That's like trying to put out a fire with a water gun.
upvoted 0 times
...
Kenny
5 months ago
Hmm, I'm not totally sure about this one. I'll need to think it through carefully and consider the differences between the options.
upvoted 0 times
...
Geoffrey
5 months ago
I think this is asking about risk analysis - looking at threats and vulnerabilities to determine the risks for a system.
upvoted 0 times
...
