WGU D430 fundamentals of
information security
exam(246 questions and
answers)
Information security - answer protecting data,
software, and hardware secure against
unauthorized access, use, disclosure, disruption,
modification, or destruction.
Compliance - answer The requirements that are set
forth by laws and industry regulations.
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment
card industry, FISMA- federal government agencies
DAD Triad - answer Disclosure, alteration, and
denial
CIA Triad - answer The core model of all
information security concepts. Confidential,
integrity and availability
,Confidential - answer Ability to protect our data
from those who are not authorized to view it.
What ways can confidentiality be compromised? -
answer - lose a personal laptop with data
- Person can view your password you are entering
in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
integrity - answer Keeping data unaltered by
accidental or malicious intent
How to maintain integrity? - answer Prevent
unauthorized changes to the data and the ability to
reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back
undesirable changes.
Availability - answer The ability to access data
when needed
Ways Availability can be compromised - answer -
Power loss
,- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS) - answer Security problem
in which users are not able to access an
information system; can be caused by human
errors, natural disaster, or malicious activity.
Parkerian hexad model - answer A model that adds
three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/ control - answer Refers to the physical
disposition of the media on which the data is
stored; This allows you to discuss loss of data via
its physical medium.
Principle of Possession example - answer Lost
package (encrypted USB's and unencrypted USB's)
, possession is an issue because the tapes are
physically lost.
(Unencrypted is compromised via confidentiality
and possession; encrypted is compromised only via
possession).
Principle of Authenticity - answer Allows you to say
whether you've attributed the data in question to
the proper owner/creator.
Ways authenticity can be compromised - answer
Sending an email but altering the message to look
like it came from someone else, than the original
one that was sent.
Utility - answer How useful the data is to you.
Ex. Unencrypted (a lot of utility) Encrypted (little
utility).
Security Attacks - answer Broken down from the
type of attack, risk the attack represents, and
controls you might use to mitigate it.
Types of attacks - answer 1- interception
information security
exam(246 questions and
answers)
Information security - answer protecting data,
software, and hardware secure against
unauthorized access, use, disclosure, disruption,
modification, or destruction.
Compliance - answer The requirements that are set
forth by laws and industry regulations.
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment
card industry, FISMA- federal government agencies
DAD Triad - answer Disclosure, alteration, and
denial
CIA Triad - answer The core model of all
information security concepts. Confidential,
integrity and availability
,Confidential - answer Ability to protect our data
from those who are not authorized to view it.
What ways can confidentiality be compromised? -
answer - lose a personal laptop with data
- Person can view your password you are entering
in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
integrity - answer Keeping data unaltered by
accidental or malicious intent
How to maintain integrity? - answer Prevent
unauthorized changes to the data and the ability to
reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back
undesirable changes.
Availability - answer The ability to access data
when needed
Ways Availability can be compromised - answer -
Power loss
,- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS) - answer Security problem
in which users are not able to access an
information system; can be caused by human
errors, natural disaster, or malicious activity.
Parkerian hexad model - answer A model that adds
three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/ control - answer Refers to the physical
disposition of the media on which the data is
stored; This allows you to discuss loss of data via
its physical medium.
Principle of Possession example - answer Lost
package (encrypted USB's and unencrypted USB's)
, possession is an issue because the tapes are
physically lost.
(Unencrypted is compromised via confidentiality
and possession; encrypted is compromised only via
possession).
Principle of Authenticity - answer Allows you to say
whether you've attributed the data in question to
the proper owner/creator.
Ways authenticity can be compromised - answer
Sending an email but altering the message to look
like it came from someone else, than the original
one that was sent.
Utility - answer How useful the data is to you.
Ex. Unencrypted (a lot of utility) Encrypted (little
utility).
Security Attacks - answer Broken down from the
type of attack, risk the attack represents, and
controls you might use to mitigate it.
Types of attacks - answer 1- interception
