D430:
Fundamentals of
Information
Security –
PASSED
EXAM(239
QUESTIONS AND
ANSWERS)
information security - answer "protecting
information and information systems from
unauthorized access, use, disclosure, disruption,
modification, or destruction." - US law
,protection of digital assets.
secure - answer it's difficult to define when you're
truly secure. when you can spot insecurities, you
can take steps to mitigate these issues. although
you'll never get to a truly secure state, you can
take steps in the right direction.
m; as you increase the level of security, you
decrease the level of productivity. the cost of
security should never outstrip the value of what
it's protecting.
data at rest and in motion (and in use) - answer
data at rest is stored data not in the process of
being moved; usually protected with encryption at
the level of the file or the entire storage device.
data in motion is data that is in the process of
being moved; usually protected with encryption,
but in this case the encryption protects the
network protocol or the path of the data.
data in use is the data that is actively being
accessed at the moment. protection includes
permissions and authentication of users. could be
conflated with data in motion.
,defense by layer - answer the layers of your
defense-in-depth strategy will vary depending on
situation and environment.
logical (nonphysical) layers: external network,
network perimeter, internal network, host,
application, and data layers as areas to place your
defenses.
m; defenses for layers can appear in more than one
area. penetration testing, for example, can and
should be used in all layers.
payment card industry data security standard (PCI
DSS) - answer a widely accepted set of policies and
procedures intended to optimize the security of
credit, debit and cash card transactions and
protect cardholders against misuse of their
personal information.
health insurance portability and accountability act
of 1996 (HIPAA) - answer a federal law that
required the creation of national standards to
protect sensitive patient health information from
being disclosed without the patient's consent or
knowledge.
, federal information security management act
(FISMA) - answer requires each federal agency to
develop, document, and implement an information
security program to protect its information and
information systems.
m; applies to US federal government agencies, all
state agencies that administer federal programs,
and private companies that support, sell to, or
receive grant money from the federal government.
federal risk and authorization management
program (FedRAMP) - answer defines rules for
government agencies contracting with cloud
providers; applies to both cloud platform providers
and companies providing software as a service
(SaaS) tools that are based in the cloud.
sarbanes-oxley act (SOX) - answer regulates the
financial practice and governance for publicly held
companies.
m; designed to protect investors and the general
public by establishing requirements regarding
reporting and disclosure practices.
places specific requirements on an organization's
electronic recordkeeping, including the integrity of
Fundamentals of
Information
Security –
PASSED
EXAM(239
QUESTIONS AND
ANSWERS)
information security - answer "protecting
information and information systems from
unauthorized access, use, disclosure, disruption,
modification, or destruction." - US law
,protection of digital assets.
secure - answer it's difficult to define when you're
truly secure. when you can spot insecurities, you
can take steps to mitigate these issues. although
you'll never get to a truly secure state, you can
take steps in the right direction.
m; as you increase the level of security, you
decrease the level of productivity. the cost of
security should never outstrip the value of what
it's protecting.
data at rest and in motion (and in use) - answer
data at rest is stored data not in the process of
being moved; usually protected with encryption at
the level of the file or the entire storage device.
data in motion is data that is in the process of
being moved; usually protected with encryption,
but in this case the encryption protects the
network protocol or the path of the data.
data in use is the data that is actively being
accessed at the moment. protection includes
permissions and authentication of users. could be
conflated with data in motion.
,defense by layer - answer the layers of your
defense-in-depth strategy will vary depending on
situation and environment.
logical (nonphysical) layers: external network,
network perimeter, internal network, host,
application, and data layers as areas to place your
defenses.
m; defenses for layers can appear in more than one
area. penetration testing, for example, can and
should be used in all layers.
payment card industry data security standard (PCI
DSS) - answer a widely accepted set of policies and
procedures intended to optimize the security of
credit, debit and cash card transactions and
protect cardholders against misuse of their
personal information.
health insurance portability and accountability act
of 1996 (HIPAA) - answer a federal law that
required the creation of national standards to
protect sensitive patient health information from
being disclosed without the patient's consent or
knowledge.
, federal information security management act
(FISMA) - answer requires each federal agency to
develop, document, and implement an information
security program to protect its information and
information systems.
m; applies to US federal government agencies, all
state agencies that administer federal programs,
and private companies that support, sell to, or
receive grant money from the federal government.
federal risk and authorization management
program (FedRAMP) - answer defines rules for
government agencies contracting with cloud
providers; applies to both cloud platform providers
and companies providing software as a service
(SaaS) tools that are based in the cloud.
sarbanes-oxley act (SOX) - answer regulates the
financial practice and governance for publicly held
companies.
m; designed to protect investors and the general
public by establishing requirements regarding
reporting and disclosure practices.
places specific requirements on an organization's
electronic recordkeeping, including the integrity of
