The correct answer is **c. Stealth Virus**. Stealth viruses are designed to camouflage themselves by intercepting and modifying system requests, thereby hiding their presence from antivirus software and users.
c. Fraud and misuse
Separation of duties is primarily designed to prevent fraud and misuse by ensuring that no single individual has control over all aspects of a financial transaction or critical system process. By dividing responsibilities among multiple individuals, organizations can reduce the risk of errors and intentional wrongdoing.
The correct answer is **a. Security awareness training**.
Deterrent controls are designed to discourage security violations before they occur. Security awareness training helps inform users about security policies and risks, thus acting as a deterrent to malicious or negligent behavior.
The other options serve different purposes:
- **b. Antivirus software** is a preventive control aimed at detecting and stopping malware.
- **c. Backups** are
The purpose of a 'guideline' in a security documentation framework is primarily to:
c. Suggest best practices
Guidelines provide recommendations and best practices that can help organizations implement security measures effectively, though, unlike policies or controls, they are not mandatory.
c. Data Owner
The Data Owner is typically responsible for classifying organizational data, as they have the authority and knowledge about the data's sensitivity, value, and compliance requirements.
c. The likelihood and impact of a threat exploiting a vulnerability
In information security, 'risk' is typically defined as the combination of the likelihood of a threat exploiting a vulnerability and the impact that such an exploitation would have on an asset or organization.
The option that best defines 'Threat' in cybersecurity is:
**c. An event that could cause harm to an asset**
A threat in cybersecurity refers to any potential danger that can exploit a vulnerability to breach security and cause harm to an asset.
The primary concern with databases storing Personally Identifiable Information (PII) is:
**c. Security due to value and legal obligations**
Ensuring the security of PII is critical due to the potential for identity theft and other privacy infringements, as well as legal regulations like GDPR, HIPAA, and others that impose strict guidelines on the handling and protection of personal information.
The purpose of job rotation in personnel security is **b. Prevent collusion and reduce fraud**. Job rotation helps to mitigate risks associated with employee misconduct by ensuring that no single individual has too much control over critical processes. This can help to deter fraudulent activities and promote accountability.
b. An attack that uses unpatched vulnerabilities
A "Zero Day Attack" refers to an attack that takes advantage of a software vulnerability that is unknown to the vendor and has not been patched, meaning there are "zero days" of protection against it.
In the DREAD model, 'R' stands for **Recovery**. The DREAD model is used for risk assessment in security, and its components represent different aspects of the risk associated with potential vulnerabilities.
The 'Recovery' control function is primarily focused on restoring services post-incident. Therefore, the correct answer is:
b. Restore services post-incident
The method commonly used to evaluate training effectiveness is **b. Kirkpatrick Model**. This model assesses training programs through four levels: Reaction, Learning, Behavior, and Results.