Certified Ethical Hacker (CEH v10) — Question 157

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Answer options

• A. Assigns values to risk probabilities; Impact values
• B. Determines risk probability that vulnerability will be exploited (High, Medium, Low)
• C. Identifies sources of harm to an IT system (Natural, Human, Environmental)
• D. Determines if any flaws exist in systems, policies, or procedures

Correct answer: D

Explanation

The correct answer, D, focuses on recognizing flaws in systems, policies, or procedures, which is essential for vulnerability identification. Options A and B pertain to evaluating risk probabilities and impacts rather than identifying vulnerabilities, while option C deals with sources of harm, not the vulnerabilities themselves.