Questions: Understanding the legal/regulatory/compliance environment, as well as the threat environment. a. internal b. design c. external d. risk evaluation

The answer is the third one (c): external.

Explanation for each option: a. Internal: This option is incorrect because the legal/regulatory/compliance environment and the threat environment are typically influenced by external factors rather than internal ones. b. Design: This option is incorrect because "design" does not relate to understanding the legal/regulatory/compliance environment or the threat environment. c. External: This option is correct because the legal/regulatory/compliance environment and the threat environment are influenced by external factors such as laws, regulations, and external threats. d. Risk evaluation: This option is incorrect because risk evaluation is a process of assessing risks, not an environment that needs to be understood.

Summary: The correct answer is (c) external, as it accurately reflects the nature of the legal/regulatory/compliance environment and the threat environment.