WGU C836 OA Study Guide (Overly Informative) questions and answers with complete solutions.
CIA Triad - correct answers. Confidentiality, Integrity, Availability

Parkerian hexad - correct answers. Where the CIA triad consists of confidentiality, integrity, and availability, the Parkerian hexad consists of these three principles, as well as possession or control, authenticity, and utility.

Confidentiality - correct answers. Refers to our ability to protect our data from those who are not authorized to view it. Confidentiality can be compromised by the loss of a laptop containing data, a person looking over our shoulder while we type a password, an e-mail attachment being sent to the wrong person, an attacker penetrating our systems, or similar issues.

Integrity - correct answers. Refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner. This could mean the unauthorized change or deletion of our data or portions of our data, or it could mean an authorized, but undesirable, change or deletion of our data. To maintain integrity, we not only need to have the means to prevent unauthorized changes to our data but also need the ability to reverse authorized changes that need to be undone.

Availability - correct answers. Refers to the ability to access our data when we need it. Loss of availability can refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such issues can result from power loss, operating system or application problems, network attacks, compromise of a system, or other problems. When such issues are caused by an outside party, such as an attacker, they are commonly referred to as a denial of service (DoS) attack.

Possession or Control - correct answers. Refers to the physical disposition of the media on which the data is stored. This enables us, without involving other factors such as availability, to discuss our loss of the data in its physical medium. An example is data stored on multiple devices, where there could be numerous versions.

Authenticity - correct answers. Attribution as to the owner or creator of the data in question. Authenticity can be enforced through the use of digital signatures.

Utility - correct answers. Refers to how useful the data is to us.

Interception - correct answers. Interception attacks allow unauthorized users to access our data, applications, or environments and are primarily an attack against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion. Properly executed, interception attacks can be very difficult to detect. Affects Confidentiality.

Interruption - correct answers. Interruption attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this as an availability attack. Affects Integrity and Availability.

Modification - correct answers. Modification attacks involve tampering with our asset. If we access a file in an unauthorized manner and alter the data it contains, we have affected the integrity of the data contained in the file.

Fabrication - correct answers. Fabrication attacks involve generating data, processes, communications, or other similar activities with a system. Fabrication attacks primarily affect integrity but could be considered an availability attack as well. If we generate spurious information in a database, this would be considered to be a fabrication attack. Affects Integrity and Availability.

Threat - correct answers. Something that has potential to cause harm

Vulnerability - correct answers. Weaknesses that can be used to harm us

Risk - correct answers. Likeliness that something bad will happen

Impact - correct answers. The value of the asset is used to assess if a risk is present

Something you know - correct answers. Password or PIN

Something you are - correct answers. An authentication factor using biometrics, such as a fingerprint scanner.

Something you have - correct answers. Authentication factor that relies on possession (FOB, Card, Cell Phone, Key)

Something you do - correct answers. An authentication factor indicating action, such as gestures on a touch screen.

Multifactor Authentication - correct answers. Uses one or more authentication methods for access

Mutual Authentication - correct answers. A security mechanism that requires that each party in a communication verify its identity. Can be combined with multifactor authentication. In mutual authentication, not only does the client authenticate to the server, but the server authenticates to the client as well. Mutual authentication is often implemented through the use of digital certificates. Both the client and the server would have a certificate to authenticate the other.

Biometric: Universality - correct answers. Characteristics in the majority of people we expect to enroll for the system.

Biometric: Uniqueness - correct answers. Measure of how unique a particular characteristic is among individuals

Biometric: Permanence - correct answers. How well a particular characteristic resists change over time and with advancing age.

Biometric: Collectability - correct answers. How easy it is to acquire a characteristic with which we can later authenticate a user

Biometric: Performance - correct answers. Set of metrics that judge how well a given system functions. Such factors include speed, accuracy, and error rate.

Biometric: Acceptability - correct answers. A measure of how acceptable the particular characteristic is to the users of the system

Biometric: Circumvention - correct answers. Describes the ease with which a system can be tricked by a falsified biometric identifier.
Written for
- Institution: WGU C836 OA
- Course: WGU C836 OA

Document information
- Uploaded on: January 14, 2024
- Number of pages: 15
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers