Question 1 of 25
How to Answer
Yet another technical question. While these may not seem like technical terms, used in the context of the information security analyst interview, they are. It is not uncommon for a technical question to ask you to compare two different terms. Technical questions can also ask you to define a single term. Keep in mind that you need to answer technical questions directly and briefly. You should anticipate follow-up questions.
"While these two terms may seem similar, there are subtle differences between them. A vulnerability defines a weakness in the organization's IT infrastructure, which can be exploited by malicious individuals. Vulnerabilities may sit dormant for long periods and go undetected until hackers use them to gain access to the network and the data contained within it. Threats, on the other hand, are active issues or incidents which are in the process of attacking an organization or working to gain access. Vulnerabilities can be addressed by constantly monitoring the network to identify them, and then addressing them with patches, software upgrades or other methods. Threats can only be resolved by creating defenses against them. This requires constant monitoring, awareness, and active remediation or the development of protections."