Section 2: 35–45%
Threats, Vulnerabilities, and Attacks
Exam Insight
The exam expects you to name attack types precisely and to keep straight the difference between a threat, a vulnerability, and a risk. Recognizing whether a scenario describes phishing, ransomware, SQL injection, or an insider threat drives both the correct answer and the right control recommendation.
CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.
What AICPA Wants You to Know
1. Distinguish a threat from a vulnerability and from risk.
2. Identify the major malware types and how they differ.
3. Recognize social engineering, phishing, and spear phishing.
4. Explain denial-of-service, SQL injection, man-in-the-middle, and zero-day attacks.
5. Describe the nature and indicators of insider threats.
6. Contrast vulnerability scanning with penetration testing.