Security (WGU) with 100% all correct
answers updated 2024.
*-Integrity axiom - ANSWER-Anyone accessing a resource can only write its contents to one
classified at the same level or lower.
3DES - ANSWER-is simply DES used to encrypt each block three times, each time with a different
key. DES can operate in several different block modes, including Cipher Block Chaining (CBC),
Electronic CodeBook (ECB), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode
(CTR). Each mode changes the way encryption functions and the way errors are handled.
Access control lists (ACLs) - ANSWER-are lists containing information about what kind of access
certain parties are allowed to have to a given system.
Access control lists generally list which three kinds of permissions - ANSWER-read, write, and
execute
Access Controls are - ANSWER-tools and systems used to allow or deny access, limit access, or
revoke access
Access controls can be based on - ANSWER-physical attributes, sets of rules, lists of individuals or
systems, or other, more complex factors
Accountability - ANSWER-refers to making sure that a person is responsible for their actions. It
provides us with the means to trace activities in our environment back to their source.
Accountability depends on - ANSWER-identification, authentication, and access control being
present so that we can know who a given transaction is associated with, and what permissions
were used to allow them to carry it out.
Administrative Controls - ANSWER-based on laws, rules, policies, procedures, guidelines, and
other items that are "paper" in nature. They are the policies that organizations create for
governance. For example, acceptable use and email use policies.
AES - ANSWER-is a set of symmetric block ciphers endorsed by the US government through NIST,
and now used by a variety of other organizations, and is the replacement for DES as the standard
encryption algorithm for the US federal government. AES uses three different ciphers: one with a
128-bit key, one with a 192-bit key, and one with a 256-bit key, all having a block length of 128 bits.
Shares the same block modes that DES uses and also includes other modes such as XEX-based
Tweaked CodeBook (TCB) mode.
An audit is a kind of - ANSWER-assessment
An iris-scan for access is what kind of authentication - ANSWER-Something you are
Anti-Malware Tools - ANSWER-applications that detect threats in the same way as an IDS, either by
matching against a signature or by detecting anomalous activities taking place.
Arbitrary Code Execution in database security - ANSWER-We can find a number of areas for security
flaws in the languages we use to talk to databases. Generally, these are concentrated on SQL, as it
is the most common database language in use. In the default SQL language, a number of built-in
elements are possible security risks, some of which we can control access to and some of which we
cannot. Defend against by using current software patches. Mandate secure coding practices.
Conduct internal reviews to ensure practices are being followed.
Asymmetric Cryptography - ANSWER-In this cryptography a key pair, a private key and a public key, is
used. The private key is kept secret and the public key is widely distributed.
Attacks - ANSWER-interception, interruption, modification, and
fabrication
Attribute-based access control (ABAC) - ANSWER-This is an access control paradigm whereby access
rights are granted to users with policies that combine attributes together. Subject, resource,
environmental, physical
Auditing - ANSWER-the methodical examination and review of an organization's records
Authentication - ANSWER-the act of proving who or what we claim to be. More technically, the
set of methods used to establish whether a claim is true
Authentication Attacks - ANSWER-gaining access to resources without the proper credentials to do
so. Having weak password requirements. Hard-coded passwords, using all-clear script message to
allow access all provide exploitation methods. Any such process that is
performed in a space where it might be subject to direct attack or manipulation by users is almost
guaranteed to be a security issue at some point. We should instead authenticate against a remote
server or on the hardware of the device, if we have a portable device, where we are considerably
more in control.
Authenticity - ANSWER-whether you've attributed the data in question to the proper owner or
creator. (altered email that says it's from one person when it's not - violation of the authenticity of
the email)
Authorization - ANSWER-The process of determining exactly what an authenticated party can do
Availability - ANSWER-Refers to the ability to access our data when we need it
Bell-LaPadula model - ANSWER-implements a combination of DAC and MAC and is primarily
concerned with the confidentiality of the resource in question. Generally, in cases where we see
DAC and MAC implemented together, MAC takes precedence over DAC, and DAC works within the
accesses allowed by the MAC permissions.
Biba Model - ANSWER-An access control model used to ensure integrity. It uses two primary rules:
no read down and no write up.
Block Cipher - ANSWER-takes a predetermined number of bits, known as a block, in the plaintext
message and encrypts that block. Blocks are commonly composed of 64 bits but can be larger or
smaller depending on the particular algorithm being used and the various modes in which the
algorithm might be capable of operating.
Brewer and Nash Model - ANSWER-also known as the Chinese Wall model, is an access control
model designed to prevent conflicts of interest.
Buffer overflow - ANSWER-an attack that works by inputting more data than an application is
expecting from a particular input—for example, by entering 1000 characters into a field that was
only expecting 10. Depending on how the application was written, we may find that the extra 990
characters are written somewhere into memory, perhaps over memory locations used by other