Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 88

What is the difference between a threat and a risk?

Answer options

• A. Threat represents a potential danger that could take advantage of a weakness, while the risk is the likelihood of a compromise or damage of an asset.
• B. Risk represents the known and identified loss or danger in the system, while threat is a non-identified impact of possible risks.
• C. Risk is the unintentional possibility of damages or harm to infrastructure, while the threats are certain and intentional.
• D. Threat is a state of being exposed to an attack or a compromise, while risk is the calculation of damage or potential loss affecting the organization from an exposure.

Correct answer: A

Explanation

Answer A is correct because it accurately defines a threat as a potential danger that exploits weaknesses, while risk quantifies the likelihood of such an event causing harm. Other options misrepresent these concepts, with B confusing the definitions, C incorrectly stating threats are intentional, and D misdefining the terms related to exposure and damage calculation.