What is the difference between a vulnerability, an exploit, and a threat on the exam?

A vulnerability is a weakness in a system, configuration, or process that could be taken advantage of, such as an unpatched server or a misconfigured firewall. An exploit is the actual code, tool, or technique used to take advantage of a vulnerability, such as a script that targets a specific software bug. A threat is any potential danger that could exploit a vulnerability, including threat actors, natural disasters, and accidents. Risk combines all three: a vulnerability with an available exploit and a motivated threat actor creates risk.