The main goal of Information Security is Prevention, which focuses on stopping security incidents before they occur.

The concept that indicates exposure to the chance of damage or loss is 'Risk'. It encompasses vulnerabilities, threats, and potential attacks.

Conditions that leave a device open to harm are called vulnerabilities, making it the correct choice.

Attacks are the technique used to exploit a vulnerability without authorization, making it the correct choice among the options provided.

Countermeasures put in place to avoid security risks are called controls.

Authorization is the process of determining what rights and privileges an entity has.

The process of transforming plaintext to ciphertext that cannot be directly decrypted is known as hashing. Hashing is a one-way function that converts data into a fixed-size string of bytes.