1-……..

Access to a system or its data that is normally available

may not be possible.
A-Confidentiality
B-Integrity
C-Availability
D-Vulnerability

2-........... is concerned with maintaining the security of all

systems and networks.
A-Infrastructure security
B-Application security
C-Operational security
D-Processing security

3-…..... is concerned with the security of related groups of

systems.
A-Infrastructure security
B-Application security
C-Operational security
D-Processing security

4-…...., is concerned with the secure use of the organization's

systems.
A-Infrastructure security
B-Application security
C-Operational security
D-Processing security
5-….... is a software engineering problem where the system is
designed to resist attacks.
A- Infrastructure security
B-Application security
C-Operational security
D-Processing security

6-…... threats that allow an attacker to insert false information

into a system.
A-Interception
B-Interruption
C-Modification
D-Fabrication

7-…...is a system characteristic that reflects its ability to resist

and recover from damaging events.
A-Resilience
B-safety
C-availability
D-reliability

8-....... Controls that are intended to ensure that attacks are

unsuccessful.
A- Vulnerability avoidance
B-Attack neutralization
C-Exposure limitation
D-reliability
9-..... Controls that are intended to detect and repel attacks.
A- Vulnerability avoidance
B-Attack neutralization
C-Exposure limitation
D-reliability

10-....... Controls that support recovery from problems.

A- Vulnerability avoidance
B-Attack neutralization
C-Exposure limitation
D-reliability

11-....... risk assessment This risk assessment process focuses on

the use of the system.
A-Preliminary
B-Design
C-Operational
D-reliability

12-…... requirements specify whether or not a system should

identify its users before interacting with them.
A-Identification
B-Authentication
C-Authorization
D-Immunity
13-....is concerned with trapping an external event or attack
before it damages the system.
A-Resistance
B-Recognition
C-Recovery
D-Reinstatement

14-.......is concerned with recognizing either that there has been

an adverse external event that may compromise the system.
A- Resistance
B-Recognition
C-Recovery
D-Reinstatement

15-........is concerned with getting critical services back up and

running as quickly as possible.
A-Resistance
B-Recognition
C-Recovery
D-Reinstatement
1- A password checking system that disallows user passwords
that are proper names or words that are normally included in a
dictionary. Control

2- A protective measure that reduces a system's vulnerability.

Control

3- A weak password system which makes it easy for users to set

guessable passwords. Vulnerability

4- A weakness in a computer-based system that may be

exploited to cause loss or harm. Vulnerability

5- An exploitation of a system's vulnerability. Attack

6- An impersonation of an authorized user. Attack

7- An unauthorized user will gain access to the system by
guessing the credentials (login name and password) of an
authorized user. Threat

8- Circumstances that have potential to cause loss or harm.

Threat

9- Possible loss or harm to a computing system. Exposure

10- Potential financial loss from future patients who do not seck
treatment because they do not trust the clinic to maintain their
data. Exposure

11- Something of value which has to be protected. Asset

12- The records of each patient that is receiving or has received

treatment. Asset