Code Injection occurs when an attacker inserts malicious code into a software system, leading to unintended and potentially harmful behavior.

The primary objective of a whaling attack is to impersonate a specific individual, usually a high-ranking executive or influential person within an organization. Attackers aim to deceive others into believing they are this individual to gain access to sensitive information or resources.

This is an example of the "Fraud" type of insider threat. Fraud involves malicious activities by insiders, typically for personal gain. In this case, the employee is using their access to commit an act of fraud by stealing confidential data for their benefit.

A "tunneling protocol" plays a crucial role in VPNs by encapsulating data in a secure "tunnel," encrypting it, and ensuring safe transit through untrusted networks.

Access Control Lists (ACLs) are used to restrict or allow specific actions on files or directories. They define who can access the file or directory, what actions they can perform (e.g., read, write, execute), and under what conditions they can do so.

Encryption is the process of converting data into a code to prevent unauthorized access. It ensures that even if unauthorized users gain access to the data, they cannot read or use it without the decryption key. Encryption is crucial for data security and privacy.

Cross-Site Request Forgery (CSRF) is an attack in which the attacker tricks a victim into submitting a malicious request, often without the victim's knowledge, on their behalf.

The correct answer is "Risk Management." It encompasses identifying potential security threats, assessing their impact, and implementing strategies to mitigate them.

To ensure that the browser enforces the Content Security Policy (CSP) but only reports violations without blocking content, the report-only directive is used. This is useful for monitoring policy violations without impacting user experience.

A "zero-day" vulnerability is one that's undisclosed to the software or hardware vendor, meaning there are no patches or fixes available. It's called "zero-day" because it's effectively day zero of the vendor's awareness.

The process in which an operating system ensures that an application only accesses the resources necessary for its legitimate purpose is called "Sandboxing." Sandboxing is a security mechanism that isolates applications, preventing them from making unauthorized changes to a system or accessing resources they shouldn't. It enhances security by containing potentially harmful processes.

IPsec uses ESP, the Encapsulating Security Payload, to provide both data integrity and confidentiality. ESP encapsulates the original packet and adds encryption and integrity checks.