21. Two different employees eimployee has part of the safe combination, and the second employee has the other part of are required to open a safe containing sensitive information. One the safe combination. A) need to know C)) separation of privilege This arrangement follows the principle of B) D) least privilege least common mechanism ich of the following terms best describes the assurance that data has not been changed unintentionally due to an accident or malice? 22. A) Utility C)) Integrity B) Availability D) Possession 23.A sender not being able to deny sending a message that he/she, in fact, did send, is message A nonrepudiation C) confidentiality A loss of B) integrity D) sending 24. is the unauthorized disclosure of information. A) authenticity C) reliability B confidentiality D) integrity Which of the following terms best describes the weakness in a system that may possibly be exploited? 25. B Vulnerability D) Risk A) Threat C) Weakest link 26. A threat can be defined as a A) informational self-determination Bset of circumstances that could cause harm or loss C) weakness that could be exploited to cause harm D) the ability to trace all actions related to a given asset 27. In the Bell-LaPadula model, the "simple security property" is also called the property no read down A) C) When an information system authenticates a user based on "what the user is", this refers to the use of A) authorization based upon the user's job title B no write down D) no write up no read up 28. B) role-based authentication C) two-factor authentication D) biometric authentication 5 of 10