B is correct. A password is something the user knows and can present as an

authentication factor to confirm an identity assertion. A is incorrect because a

user ID is an identity assertion, not an authentication factor. C and D are

incorrect as they are examples of authentication factors that are something

you are, also referred to as "biometrics.

D is correct. Anyone within the organization can identify risk.

C is correct. A laptop, and the data on it, are assets, not threats. All the other

answers are examples of threats, as they all have the potential to cause

adverse impact to the organization and the organization's assets.

B is correct. If a password file is modified, the impact to the environment

could be significant; there is a possibility that all authorized users could be

denied access, or that anyone (including unauthorized users) could be granted

access. The integrity of the password file is probably the most crucial of the

four options listed. A is incorrect because one frame of an entire film, if

modified, probably would have little to no effect whatsoever on the value of

the film to the viewer; a film has thousands (or tens of thousands, or millions)

of frames. C is incorrect because a change in marketing material, while

significant, is not as crucial as the integrity of the password file described in

Answer B. D is incorrect because a typo in a product description is not likely

to be as important as the integrity of the password file described in Answer B

B is correct. This is a set of instructions to perform a particular task, so it is a

procedure (several procedures, actually—one for each platform). A is

incorrect; the instructions are not a governmental mandate. C is incorrect,

because the instructions are particular to a specific product, not accepted

throughout the industry. D is incorrect, because the instructions are not

particular to a given organization