Risk, Threat, Vulnerability
If you plan to take the Security+, or even the SSCP or CISSP exams, you need to understand some basics about: risk, threat, vulnerability. Risk is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss. It’s sometimes expressed as Risk = Threat * Vulnerability.
Threat
A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. Threats can include natural threats such as those from hurricanes, floods, tornadoes, and earthquakes. They also include manmade threats like an attacker trying to hack into your network, or malicious software (malware) infecting your systems. In general, you can’t prevent threats, but you can reduce their impact.
Security+ (SY0-601) Practice Test Questions
SY0-601 Practice Test Questions
Over 385 realistic Security+ practice test questions
At least 10 performance-based questions
All questions include explanations so you’ll know why the correct answers are correct,
and why the incorrect answers are incorrect.
Upgrade Your Resume with the Security+ New Version
Multiple quiz formats to let you use these questions based on the way you learn.
- Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
- Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
- Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.
Pass the First Time You Take It
Get the full bank of SY0-601 Practice Test Questions Here
Click here if you’re looking for SY0-501 Online Study Package
Security+ Full Access Package
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based
questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.
Buy The Full Access Study Package Today
60 Days Access
Need more time?
You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:
- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Over 40 new multiple-choice questions we’ve added after publishing the study guide.
- Over 30 performance-based questions. See a demo here.
- All of the flashcards from the study guide. View them in any Web browser.
- All of the audio from the study guide. Listen to a sample here.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Vulnerability
A vulnerability is a flaw or a weakness. It can be a weakness in the hardware, software, configuration, or process that has the potential to be exploited. For example, if a system is not kept up to date with patches, or is not hardened from the default configuration, the system is vulnerable. Note that just because a vulnerability exists doesn’t mean it will be exploited.
Security+ Full Access Package
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based
questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.
Buy The Full Access Study Package Today
60 Days Access
Need more time?
You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:
- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Realistic SY0-601 Security+ Practice Test Questions
- Performance-based questions.
- All of the flashcards from the study guide. View them in any Web browser. See demo here
- All of the audio from the study guide.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Risk Mitigation
When a threat and a vulnerability come together, an organization can suffer a loss.
You can’t eliminate risk. However, you can take steps to reduce it. Risk management includes the steps taken to identify as many threats and vulnerabilities as possible, and then prioritize them. High probability risks are addressed first, and low probability risks are often accepted.
Risk mitigation reduces the chances that a threat will exploit a vulnerability by implementing controls (also called countermeasures or safeguards). Senior management makes decisions on what controls to purchase, and which risks to mitigate and risk that remains is residual risk. Senior management is responsible for any losses suffered from the residual risk.
While you’ll likely be tested on the basic definition of risk, much of the rest of these exams focuses on identifying threats and vulnerabilities, and implementing different types of controls. For example, malicious software (malware) is a significant threat and if an organization doesn’t use antivirus software and keep it up to date, they are highly vulnerable.
Other Security+ Study Resources
Master Security+ Performance Based Questions Video
Apps for Your Mobile Devices
Free No Risk Discount CompTIA Voucher Code