ISO/IEC 27001 Lead Auditor Certification Practice Exam

An example of a vulnerability is unencrypted data. This situation represents a weakness in information security. When data is not encrypted, it can be easily accessed or intercepted by unauthorized individuals, increasing the risk of data breaches and unauthorized disclosures. Encryption serves as a protective layer for sensitive information; without it, sensitive data remains exposed and susceptible to various threats.

While unauthorized access by individuals who have left the organization does represent a risk, it is more aptly categorized as an incident or threat rather than a vulnerability. Vulnerabilities refer to specific weaknesses that could be exploited by threats. Data input errors by personnel also reflect a risk related to data integrity and accuracy but are not typically classified under the definition of vulnerabilities in the context of information security.

In summary, unencrypted data clearly exemplifies a vulnerability, highlighting how it can be a point of exploitation by attackers, whereas the other examples deal with different aspects of information security management.