What attack involves actions to mimic one's identity?
Correct Answer: D
Spoofing is an attack in which one person or process pretends to be another person or process, typically one that has more privileges. For example, user A can mimic the behaviour of user C so that process B believes it is dealing with user C. In the absence of any other controls, B may be duped into giving user A the data and privileges that were intended for user C.
Question 62
The steps of an access control model should follow which logical flow:
Correct Answer: C
Reference: HARRIS, Shon, CISSP All In One Exam Guide. Chapter 4, pages 126-127. The steps and the processes behind them are paraphrased here. A user first identifies themselves with a user ID or account number (identification). To be authenticated, the user then provides a second piece of the credential set, such as a password, passphrase, cryptographic key, biometric attribute, token or Personal Identification Number (PIN), and the system verifies that this credential belongs to the claimed identity (authentication). Only once the user has been identified and authenticated does the system determine whether that user has the rights and privileges needed for the requested action; if the user does have them, they are authorized access (authorization). The logical flow is therefore identification, then authentication, then authorization.
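The three-step flow above, as an added example that is not from Harris or this page: a small access-control routine over a constructed user store. The user names, passwords, rights and PBKDF2 parameters are illustrative assumptions; the point is the ordering of the checks and the handling of the failure cases (unknown user, wrong password, missing right).

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not from the page): identification -> authentication ->
# authorization over a constructed in-memory user store.

PBKDF2_ITERATIONS = 100_000  # illustrative work factor


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password: str, rights: set) -> dict:
    """Create a stored record: random salt, salted password hash, granted rights."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "rights": frozenset(rights)}


# Constructed user store, keyed by the identifier a user will claim.
USERS = {
    "alice": make_user("correct horse battery staple", {"read:payroll", "write:payroll"}),
    "bob": make_user("bob-password-1", {"read:payroll"}),
}

# Dummy record used when the claimed identity does not exist, so an unknown
# user costs the same hashing work as a wrong password (no enumeration by timing).
_DUMMY = make_user("unused", set())


def identify(userid: str) -> Optional[dict]:
    """Step 1, identification: the user claims an identity; look it up."""
    return USERS.get(userid)


def authenticate(userid: str, password: str) -> bool:
    """Step 2, authentication: prove the claimed identity with a second credential."""
    record = identify(userid)
    candidate = _hash_password(password, (record or _DUMMY)["salt"])
    # Constant-time compare; still fail if the identity did not exist at all.
    return record is not None and hmac.compare_digest(candidate, record["hash"])


def authorize(userid: str, action: str) -> bool:
    """Step 3, authorization: does the (already authenticated) identity hold the right?"""
    record = identify(userid)
    return record is not None and action in record["rights"]


def access(userid: str, password: str, action: str) -> str:
    """Run the three steps in order and report the outcome."""
    if not authenticate(userid, password):
        # One generic message: do not reveal whether the user ID or the password was wrong.
        return "denied: authentication failed"
    if not authorize(userid, action):
        return "denied: not authorized for " + action
    return "granted: " + action
```

Note that authorization is never consulted until authentication has succeeded, and that the unknown-user and wrong-password paths return the same message after the same amount of work.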
Question 63
Which of the following is NOT a goal of the Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA) of 1996?
Correct Answer: A
HIPAA is designed to provide greater access by the patient to personal healthcare information. In answer b, administrative simplification, the goal is to improve the efficiency and effectiveness of the healthcare system by standardizing the exchange of administrative and financial data and by protecting the security and privacy of individually identifiable health information. Answers c and d are self-explanatory.
Question 64
What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening?
Correct Answer: B
The Land attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening. The packet(s) carry the victim's own address as both source and destination IP address (in the classic form the source and destination ports are identical as well), and a vulnerable TCP/IP stack could hang or reboot when it tries to respond to itself. Most affected systems experience a total freeze, in which Ctrl-Alt-Delete fails to work, the mouse and keyboard become non-operational and the only remedy is to reboot via the reset button or by powering the machine off. Vulnerable systems: this affects almost all Windows 95, Windows NT and Windows for Workgroups systems that are not properly patched and that allow NetBIOS over TCP/IP. In addition, machines running services such as HTTP, FTP or identd that do not filter packet(s) containing the same source and destination IP address can still be vulnerable to attack through those ports. Prevention: the attack can be prevented for open/listening ports by filtering, at the router or firewall, inbound packets whose source IP address equals the destination address (more generally, any inbound packet that claims one of the protected host's own addresses as its source). For most home users not running many services, and for those who use IRC, disabling the identd server within their IRC client will stop most such attacks, since the identd service (TCP port 113) was at the time becoming the most attacked service/port.
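The filter described under Prevention, as an added example that is not from the page: a small IPv4/TCP header parser, a detector for the classic Land signature, and the broader router/firewall rule (drop inbound packets whose source is one of our own addresses). The packets are constructed inline with the same helper, not captures; checksums are left zero and are not verified. The addresses used are documentation ranges chosen for the example.

```python
import struct
from typing import Optional

# Added example (not from the page): parse raw IPv4/TCP headers and apply the
# Land-attack filter. Sample packets are constructed, not captured.

TCP_PROTOCOL = 6
TCP_SYN = 0x02


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_tcp_packet(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                     flags: int) -> bytes:
    """Build a minimal IPv4 + TCP header pair (20 + 20 bytes, no options, no payload)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(tcp), 0, 0, 64,
                     TCP_PROTOCOL, 0, _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return ip + tcp


def parse_tcp_packet(packet: bytes) -> Optional[dict]:
    """Return the IP/TCP fields the filter needs, or None if not a complete IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes (options included)
    if ihl < 20 or len(packet) < ihl + 20:
        return None
    _ttl, proto, _csum, src, dst = struct.unpack("!BBH4s4s", packet[8:20])
    if proto != TCP_PROTOCOL:
        return None
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]              # TCP flags byte follows the data-offset byte
    return {
        "src_ip": ".".join(map(str, src)),
        "dst_ip": ".".join(map(str, dst)),
        "src_port": src_port,
        "dst_port": dst_port,
        "syn": bool(flags & TCP_SYN),
    }


def is_land_packet(packet: bytes) -> bool:
    """Classic Land signature: SYN with source == destination address and port."""
    f = parse_tcp_packet(packet)
    return bool(f and f["syn"] and f["src_ip"] == f["dst_ip"]
                and f["src_port"] == f["dst_port"])


def should_drop_inbound(packet: bytes, local_addresses: set) -> bool:
    """The router/firewall rule from the text: drop any inbound IPv4 packet whose
    source equals its destination or is one of our own addresses. Apply it on
    external interfaces only; loopback traffic legitimately has src == dst."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src == dst or src in local_addresses
```

The address-based rule is deliberately wider than the SYN-and-port signature: a packet arriving from outside with our own address as its source is spoofed whatever its flags, so it is the rule to deploy at the border, while the signature is what an IDS would label as "Land".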
Question 65
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
Correct Answer: B
Explanation: A pre-shared key is simply a string of characters known to both parties. When configuring a VPN using IPsec with pre-shared keys for authentication, the pre-shared key is entered into the configuration of the VPN device at each end of the VPN. IKE can use certificate-based authentication with certificates issued by a PKI, or it can use pre-shared keys; when using pre-shared keys, no PKI is needed. Because the key is usually a human-chosen password, its strength matters: in IKEv1 aggressive mode the PSK-derived authentication hash is sent unencrypted, so a weak pre-shared key can be recovered by an offline dictionary attack on a captured exchange. Incorrect Answers: A: It is true that pre-shared key authentication is normally based on simple passwords. C: It is true that IKE is used to set up Security Associations. D: It is true that IKE builds upon the Oakley protocol and the ISAKMP protocol. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange
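How a pre-shared key is actually used for authentication in IKEv1 phase 1, as an added example that is not from the page or from any IKE implementation: SKEYID and HASH_R are computed with the RFC 2409 formulas, HMAC-SHA1 is assumed as the negotiated prf, and the nonces, Diffie-Hellman public values, cookies, SA payload and identity are constructed stand-ins rather than a real exchange. The last function shows why "simple passwords" matter: in aggressive mode every input to HASH_R except the PSK itself crosses the wire in the clear.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Added example (not from the page): IKEv1 phase-1 PSK authentication per
# RFC 2409 with HMAC-SHA1 as the prf. All exchange values are constructed.


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """RFC 2409 section 5.4: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return prf(psk, nonce_i + nonce_r)


def hash_r(skeyid: bytes, gxr: bytes, gxi: bytes, cky_r: bytes, cky_i: bytes,
           sai_b: bytes, idir_b: bytes) -> bytes:
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sai_b + idir_b)


# Constructed phase-1 exchange data (stand-ins, not real DH values or payloads).
# In aggressive mode all of these, plus HASH_R, are sent unencrypted.
EXCHANGE = {
    "nonce_i": bytes.fromhex("0123456789abcdef0123456789abcdef"),
    "nonce_r": bytes.fromhex("fedcba9876543210fedcba9876543210"),
    "gxi": b"\x11" * 96,
    "gxr": b"\x22" * 96,
    "cky_i": bytes.fromhex("0102030405060708"),
    "cky_r": bytes.fromhex("1112131415161718"),
    "sai_b": bytes.fromhex("0000000100000001"),
    # ID payload body: ID type 1 (ID_IPV4_ADDR), protocol 0, port 0, then 192.0.2.1
    "idir_b": b"\x01\x00\x00\x00" + bytes([192, 0, 2, 1]),
}


def responder_hash(psk: bytes, x: dict) -> bytes:
    """What the responder sends as its proof of knowing the PSK."""
    sk = skeyid_psk(psk, x["nonce_i"], x["nonce_r"])
    return hash_r(sk, x["gxr"], x["gxi"], x["cky_r"], x["cky_i"], x["sai_b"], x["idir_b"])


def initiator_verifies(psk: bytes, x: dict, received_hash_r: bytes) -> bool:
    """The initiator recomputes HASH_R with its own copy of the PSK and compares."""
    return hmac.compare_digest(responder_hash(psk, x), received_hash_r)


def crack_psk(observed_hash_r: bytes, x: dict, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack an eavesdropper can run on an aggressive-mode
    capture: each candidate PSK is tested locally against the observed HASH_R."""
    for candidate in wordlist:
        if responder_hash(candidate.encode(), x) == observed_hash_r:
            return candidate
    return None
```

Main mode sends the ID and HASH payloads encrypted under SKEYID_e, which removes this particular offline attack; the practical defences with PSKs are a long random key rather than a password, avoiding aggressive mode, or moving to certificate-based authentication.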