General Cybersecurity
Entry Level
What is the difference between a threat, vulnerability, and risk?
Situation: During security assessments, teams must clearly distinguish between threats, vulnerabilities, and risks to prioritize remediation.
Task: Define each term and explain how they relate in a security context.
Action: A threat is any potential danger that could exploit a weakness (hackers, malware, natural disasters). A vulnerability is a weakness in a system (unpatched software, misconfiguration, weak passwords). Risk is the likelihood and impact of a threat exploiting a vulnerability. Risk = Threat x Vulnerability x Impact. This relationship drives risk-based security decision making.
Result: Understanding this distinction allows proper risk assessments, prioritized patching based on risk scores, and effective communication with management about security posture.
💡 Interview Tips
- Use specific examples from your experience — generic answers are immediately detected
- Mention tools, frameworks, and standards by name to demonstrate hands-on knowledge
- Connect your answer to business outcomes — security exists to protect business value
- If you lack direct experience, describe how you would approach the scenario methodically