CompTIA CASP+ (CAS-004) — Question 27

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.
Which of the following describes the administrator's discovery?

Answer options

• A. A vulnerability
• B. A threat
• C. A breach
• D. A risk

Correct answer: A

Explanation

The administrator's finding is classified as a vulnerability because it identifies a weakness in the server's defenses that could be exploited. A threat refers to a potential danger, while a breach denotes a successful exploitation of a vulnerability. A risk is the potential for loss or damage, but it does not specifically indicate the existence of a weakness like a vulnerability does.