A.Use of proprietary networking protocols between nodes.

B.Much larger attack surface than traditional IT systems.

C.Use of cloud based systems to collect loT data.

D.Use of 'cheap" microcontroller based sensors.

A.How the organisation will manage information assurance.

B.The compliance with legal and regulatory obligations.

C.The policy has been agreed and amended to suit all third party contractors.

D.The policy has the support of Board and the Chief Executive.

A.A maximum of once every other month.

B.Once defined, they do not need reviewing.

C.When the next risk audit is due.

D.Risks remain under constant review.

A.The damage that has been caused by a weakness iin a system.
Vulnerability
A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.
An asset is any tangible or intangible thing or characteristic that has value to an organization, a control is any administrative, managerial, technical, or legal method that can be used to modify or manage risk, and a threat is any potential event that could harm an organization or system.
https://www.praxiom.com/iso-27000-definitions.htm

B.The impact of a cyber attack on an asset or group of assets.

C.A weakness of an asset or group of assets that can be exploited by one or more threats.

D.The threat that an asset or group of assets may be damaged by an exploit.

A.A penetration test looks for known vulnerabilities and reports them without further action.

B.A penetration test never uses common tools such as Nrnap, Nessus and Metasploit.

C.A penetration test is always an automated process - a vulnerability scan never is.

D.A penetration test seeks to actively exploit any known or discovered vulnerabilities.