Practice 25 DXC Technology interview questions covering enterprise IT, digital transformation, and client delivery excellence.
How to Answer

Tom Dushaj is a business and technology executive and the author of 'Resumes That Work.' Tom has vast experience providing solutions to Fortune 500 companies in the areas of Information Technology Consulting, ERP Software, Personnel Management, and Intern
If you're a Certified Information Systems Security Professional (CISSP), you should know the difference between a threat, a vulnerability, and a risk. When you're starting a new job, you don't know the new environment, so you need to gather some basic information about where everything is and how things were operating before you came along.
One of the first things you'll need to do is assess the landscape. You'll probably need to locate where the data resides, who is or was managing the data, and what the network diagram looks like. The hiring manager wants to see whether you are experienced enough to ask these questions, so that they know they're not dealing with a junior-level candidate with limited experience in these areas.
After you have outlined what you would do when you start, they will dig a little deeper and ask you to explain the differences between threat, vulnerability and risk, and how you assess threats. As a general rule, you should talk about the differentiators among the three first, and then the process you follow to assess a threat. The interviewer's attention will be focused on how you assess a threat.
Here are a few items you may want to research further regarding assessments: visibility touch points, ingress and egress filtering, and vulnerability assessments.

Example Answer
"My answer is that vulnerabilities should usually be the main focus of an organization since there is little control over the volume and consistency of threats that come in daily. In past roles when I started with a new company, the first thing that was on my task list was to perform a vulnerability assessment. This revealed a lot about the current state of risks and vulnerabilities to the network, and what needed to be done to close those gaps and secure all entry ports into the network. After doing a full assessment, I recorded visibility touch points to monitor where threats came from, and the strength and weakness of our vulnerabilities, which helped me map out a long-term IT Security strategy plan."

Written by Tom Dushaj
25 Questions & Answers • DXC Technology
