Question 26
Domain 4 — Privacy Risk Assessment and Compliance Validation
A security manager is performing a risk assessment on a data center. The security manager has determined that unauthorized personnel can enter the data center through the loading dock door and shut off utility power to the building. This finding is known as a:
Correct answer: B
Explanation
A threat is a potential cause of harm that can exploit a weakness, and unauthorized access to the loading dock door creates that potential. The finding describes a condition that could lead to loss of utility power, which is a threat rather than the weakness itself.
Why each option is right or wrong
A. Vulnerability
Vulnerability is the weakness, such as inadequate door security, not the harmful act itself.
B. Threat
Under NIST SP 800-30, a threat is the potential for a threat source to exploit a vulnerability and cause harm; the identified condition here is the presence of an unauthorized path into the facility that could be used to interrupt power. The loading dock access point is the weakness, but the finding that someone can use it to shut off utility power describes the potential adverse event, which is why it is classified as a threat rather than a vulnerability or impact.
C. Likelihood
Likelihood measures how likely an event is, not the event or actor causing harm.
D. Probability
Probability is the numeric chance of occurrence, not the identified security danger.