Which statement best describes the two actions that can be taken for vulnerability assessments for intentional contamination?

The idea being tested is that a thorough vulnerability assessment for intentional contamination looks at both what could be targeted in the facility and who or what could be vulnerable to exploitation. Identifying vulnerable activities means mapping the steps and processes where contamination could realistically be introduced or spread—things like receiving materials, storage, handling, processing, and distribution. Identifying vulnerable characteristics means examining attributes that could enable misuse or breach, such as weak access controls, inadequate monitoring, predictable routines, or design features that create security gaps. By combining these two angles, you get a complete picture of where risks lie: the actual activities at risk and the factors that make those points exploitable. If you only focus on activities, you might miss patterns or people that could take advantage of them; if you only focus on characteristics, you might overlook specific process steps that could be compromised. After identifying both, you can develop targeted mitigations.