Which of the following is NOT a core principle of most security models? a) Confidentiality: Protecting information from unauthorized access. b) Integrity: Ensuring information accuracy and completeness. c) Availability: Guaranteeing authorized access to information. d) Transparency: Making security policies and procedures clear.

What is the term for a potential source of harm or damage to an information system? a) Vulnerability: A weakness that can be exploited. b) Threat: An actor capable of causing harm. c) Control: A measure to mitigate risk. d) Harm: The negative impact of a security incident.

What type of harm does data manipulation and corruption fall under? a) Confidentiality breach b) Integrity violation c) Availability disruption d) All of the above

Which of the following is NOT a common vulnerability in software applications? a) Input validation flaws b) Buffer overflows c) Logic errors d) Physical security weaknesses

What is the main purpose of access control mechanisms? a) To grant authorized users access to information. b) To prevent unauthorized users from accessing information. c) To track and monitor user activity. d) All of the above

What is the difference between authentication and authorization? a) Authentication verifies identity, while authorization grants permissions. b) Authentication verifies authorization, while authorization restricts access. c) They are the same concept with different names. d) Authentication is for users, while authorization is for systems.

Unintentional programming oversights can create vulnerabilities. What is an example of such an oversight? a) Leaving debug code active in production software. b) Using insecure cryptographic algorithms. c) Failing to properly handle user input. d) All of the above