Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 235

What is a difference between a threat and a risk?

Answer options

• A. A threat can be people, property, or information, and risk is a probability by which these threats may bring harm to the business.
• B. A risk is a flaw or hole in security, and a threat is what is being used against that flaw.
• C. A risk is an intersection between threat and vulnerabilities, and a threat is what a security engineer is trying to protect against.
• D. A threat is a sum of risks, and a risk itself represents a specific danger toward the asset.

Correct answer: C

Explanation

Option C is correct because it accurately describes the relationship between threats, vulnerabilities, and risks. The other options misrepresent these concepts; for example, option A oversimplifies the definitions, option B incorrectly defines risk, and option D reverses the relationship between threats and risks.