Which of the following is an example of a vulnerability?

Prepare for the PECB Certified ISO/IEC 27001 Lead Auditor Exam with our comprehensive quiz. Test your knowledge with multiple-choice questions and detailed explanations. Get exam-ready!

Unencrypted data represents a clear vulnerability in the context of information security. A vulnerability is generally defined as a weakness in a system that can be exploited by threats, resulting in potential harm to the organization. When data is not encrypted, it is more susceptible to unauthorized access, interception, and misuse, especially during transmission or storage. This lack of encryption means that sensitive information could be easily accessed by attackers, leading to data breaches or other security incidents.

In the case of the other options, while they all represent important security concerns, they do not fit the definition of a vulnerability in the same way. Inadequate employee training relates more to a lack of awareness or preparedness rather than a specific security weakness in a system. Unauthorized access by former employees reflects a failure in access control and identity management rather than a systemic vulnerability. Incorrect security configurations certainly indicate a weakness that can create vulnerabilities, but they are considered instance-specific rather than a general condition like unencrypted data.

Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy