Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 59

What is the difference between an attack vector and an attack surface?

Answer options

• A. An attack surface identifies vulnerabilities that require user input or validation; and an attack vector identifies vulnerabilities that are independent of user actions.
• B. An attack vector identifies components that can be exploited; and an attack surface identifies the potential path an attack can take to penetrate the network.
• C. An attack surface recognizes which network parts are vulnerable to an attack; and an attack vector identifies which attacks are possible with these vulnerabilities.
• D. An attack vector identifies the potential outcomes of an attack; and an attack surface launches an attack using several methods against the identified vulnerabilities.

Correct answer: C

Explanation

Option C is correct because it accurately describes the relationship between attack surfaces and attack vectors; the surface indicates vulnerabilities while the vector indicates attack possibilities. Options A, B, and D misinterpret these concepts, either by reversing their definitions or by providing incorrect relationships between them.