Exam ISO-IEC-27001-Foundation Topic 7 Question 43 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 43
Topic #: 7
What is the definition of a threat according to ISO/IEC 27000?

Suggested Answer: A Vote an answer

Comprehensive and Detailed Explanation From Exact Extract ISO/IEC 27000 standards:
According to ISO/IEC 27000:2018, Clause 3.74, athreatis defined as:
"Potential cause of an unwanted incident, which can result in harm to a system or organization." This definition directly matches option A.
* Option B refers to an "information security incident" (ISO/IEC 27000:2018, Clause 3.32).
* Option C describes a "vulnerability" (ISO/IEC 27000:2018, Clause 3.67).
* Option D refers to "residual risk" (ISO/IEC 27000:2018, Clause 3.61).
The standard emphasizes that threats exploit vulnerabilities, causing incidents that can harm information confidentiality, integrity, and availability. Correctly identifying threats is critical for risk assessment (Clause
6.1.2). Thus, the correct definition per ISO/IEC 27000 isA.

by Norman at May 22, 2026, 09:19 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10