Your codebase uses hardcoded API keys that got leaked. What mitigation should you implement going forward?

This term means healthcare errors are reviewed to prevent future ones.

You open a PDF from an unknown sender, and it silently installs spyware. What type of file is that?

What policy helps ensure employees follow security protocols, such as using strong passwords?

Which is more likely to occur: a software bug or a hardware failure?

Integrating automated security scans into the SDLC is part of which modern development approach?

Rules and procedures limiting visibility to patient information are an example of this control type.

An attacker exploits a web app by injecting malicious SQL commands. What vulnerability is this?

This cryptographic mechanism uses a pair of keys: one public, one private, to secure communication.

When evaluating risks, which is more subjective: qualitative or quantitative?

In Python, to avoid hardcoding, you store the risk threshold in a reusable format. What is this technique called?

This type of risk happens if consistent are not followed during development for health apps.

Attackers hijack DNS records to redirect users to fake sites. What’s this attack called?

You notice your app’s response times spike under load, risking timeouts. What risk mitigation could help keep service reliable?

Which is more proactive when configuring risk controls: penetration testing or anomaly detection?