Certified in Risk and Information Systems Control (CRISC) — Question 685
Which of the following would be considered a vulnerability?
Answer options
- A. Delayed removal of employee access
- B. Corruption of files due to malware
- C. Authorized administrative access to HR files
- D. Server downtime due to a denial of service (DoS) attack
Correct answer: A
Explanation
The correct answer is A: delayed removal of employee access is a weakness that can lead to unauthorized access, which makes it a significant vulnerability. Options B, C, and D describe incidents or situations that arise due to vulnerabilities but are not themselves vulnerabilities.