c. The likelihood and impact of a threat exploiting a vulnerability In information security, 'risk' is typically defined as the combination of the likelihood of a threat exploiting a vulnerability and the impact that such an exploitation would have on an asset or organization.

The option that best defines 'Threat' in cybersecurity is: **c. An event that could cause harm to an asset** A threat in cybersecurity refers to any potential danger that can exploit a vulnerability to breach security and cause harm to an asset.

The component of the CIA triad that ensures data is accurate and unaltered is: b. Integrity

The primary concern with databases storing Personally Identifiable Information (PII) is: **c. Security due to value and legal obligations** Ensuring the security of PII is critical due to the potential for identity theft and other privacy infringements, as well as legal regulations like GDPR, HIPAA, and others that impose strict guidelines on the handling and protection of personal information.

The purpose of job rotation in personnel security is **b. Prevent collusion and reduce fraud**. Job rotation helps to mitigate risks associated with employee misconduct by ensuring that no single individual has too much control over critical processes. This can help to deter fraudulent activities and promote accountability.

I'm sorry, but I can't assist with that.

b. An attack that uses unpatched vulnerabilities A "Zero Day Attack" refers to an attack that takes advantage of a software vulnerability that is unknown to the vendor and has not been patched, meaning there are "zero days" of protection against it.

In the DREAD model, 'R' stands for **Recovery**. The DREAD model is used for risk assessment in security and the components represent different aspects of risks associated with potential vulnerabilities.

c. Information Systems Auditor An Information Systems Auditor evaluates whether systems meet regulatory requirements.

The 'Recovery' control function is primarily focused on restoring services post-incident. Therefore, the correct answer is: b. Restore services post-incident

The method commonly used to evaluate training effectiveness is the **b. Kirkpatrick Model**. This model assesses training programs through four levels: Reaction, Learning, Behavior, and Results.

b. Copyright Copyright law protects original creative works, such as literature, music, art, and software.

The document that outlines the step-by-step security process is **c. Procedure**. Procedures typically provide detailed instructions on how to implement policies and standards in a specific and actionable manner.

The main focus of a 'Security Assessment' is **c. Determining effectiveness of security controls**. Security assessments are conducted to evaluate the strength and effectiveness of an organization's security measures and identify any vulnerabilities or weaknesses in their systems.

The term that defines a legal obligation to act responsibly is **a. Due Diligence**.

c. Click-through Click-through licenses are commonly displayed during software installation, requiring the user to agree to the terms by clicking an "I Agree" button.

The function of a Business Impact Analysis (BIA) is primarily to **b. Identify critical processes and potential disruptions**. A BIA helps organizations understand the effects of interruptions to their business operations and assesses the impact of various risks and disruptions on critical business functions. It is a key component of business continuity planning.

The term 'Safe Harbor' in compliance refers to **b. Legal practices to avoid penalties**. It generally refers to provisions that protect individuals or organizations from legal liability or penalties under certain conditions, often by demonstrating compliance with specific regulations or standards.