A risk assessment identifies a vulnerability in a critical application. The threat actor is a script kiddie with low capability. Using the FAIR framework, which factor would most directly increase the Loss Event Frequency (LEF)?
Correct. Higher vulnerability severity increases LEF.
Why this answer
Loss Event Frequency (LEF) in FAIR is directly influenced by the probability that a threat agent will act against a vulnerability. Increasing the vulnerability severity makes the application more susceptible to exploitation, thereby raising the likelihood of a loss event occurring, even if the threat actor has low capability.
Exam trap
The trap here is that candidates confuse 'threat actor motivation' with 'vulnerability severity' as the primary driver of LEF. FAIR places motivation under TEF, while vulnerability severity directly impacts the probability of a successful loss event.
How to eliminate wrong answers
Option A is wrong because reducing vulnerability severity would decrease the susceptibility of the application, which lowers LEF, not increases it.
Option B is wrong because decreasing threat event frequency reduces the number of attack attempts, which directly lowers LEF, contrary to the goal of increasing it.
Option D is wrong because increasing the threat actor's motivation does not directly affect LEF; motivation influences Threat Event Frequency (TEF) and the probability of action, but LEF is more directly tied to vulnerability severity and the ability to exploit it.