Question

Which one of the following is not normally included in a security assessment?

A. Vulnerability scan
B. Risk assessment
C. Mitigation of vulnerabilities
D. Threat assessment

Answer 1

In a security assessment, mitigation of vulnerabilities is not normally included; it occurs after potential issues have been identified through vulnerability scans, risk, and threat assessments.

Step-by-step explanation:

When conducting a security assessment, certain components are standard in the process.

These typically include a vulnerability scan, which looks for weaknesses in the system that could be exploited; a risk assessment, which evaluates the potential impact of various threats; and a threat assessment, which identifies the threats that are most likely to impact the system.

However, mitigation of vulnerabilities is not normally included as a part of the assessment itself. Mitigation actions are usually taken after the assessment has been completed, and potential security issues have been identified.