Security | Questions and Correct Answers |
Western Governors University | Latest Exam
The 1st Law of Haas' Laws of Operations Security ---------CORRECT ANSWER--------- If you don't know the threat, how do you know what to protect?
The 2nd Law of Haas' Laws of Operations Security ---------CORRECT ANSWER--------- If you don't know what to protect, how do you know you are protecting it?
The 3rd Law of Haas' Laws of Operations Security ---------CORRECT ANSWER--------- If you are not protecting it, the dragon wins!
Services that are hosted, often over the Internet, for the purposes of delivering easily scaled computing services or resources ---------CORRECT ANSWER--------- cloud computing
1st step in the OPSEC process, arguably the most important: to identify the assets that most need protection and will cause us the most harm if exposed ---------CORRECT ANSWER--------- identification of critical information
2nd step in the OPSEC process: to look at the potential harm or financial impact that might be caused by critical information being exposed, and who might exploit that exposure ---------CORRECT ANSWER--------- analysis of threats
3rd step in the OPSEC process: to look at the weaknesses that can be used to harm us ---------CORRECT ANSWER--------- analysis of vulnerabilities
4th step in the OPSEC process: to determine what issues we really need to be concerned about (areas with matching threats and vulnerabilities) ---------CORRECT ANSWER--------- assessment of risks
5th step in the OPSEC process: to put measures in place to mitigate risks ---------CORRECT ANSWER--------- appliance of countermeasures
This law provides a framework for ensuring the effectiveness of information security controls in federal government
- changed from Management (2002) to Modernization in 2014
---------CORRECT ANSWER--------- FISMA (Federal Information Security Modernization Act)
This law improves the efficiency and effectiveness of the health care system and protects patient privacy ---------CORRECT ANSWER--------- HIPAA (Health Insurance Portability and Accountability Act)
This law protects the privacy of students and their parents ---------CORRECT ANSWER--------- FERPA (Family Educational Rights and Privacy Act)
This law regulates the financial practice and governance of corporations ---------CORRECT ANSWER--------- SOX (Sarbanes-Oxley Act)
This law protects the customers of financial institutions ---------CORRECT ANSWER--------- GLBA (Gramm-Leach-Bliley Act)
Relating to an organization's adherence to laws, regulations, and standards ---------CORRECT ANSWER--------- compliance
Regulations mandated by law usually requiring regular audits and assessments ---------CORRECT ANSWER--------- regulatory compliance
Regulations or standards designed for specific industries that may impact ability to conduct business (e.g. PCI DSS) ---------CORRECT ANSWER--------- industry compliance
The state or condition of being free from being observed or disturbed by other people ---------CORRECT ANSWER--------- privacy
This act safeguards privacy through the establishment of procedural and substantive rights in personal data ---------CORRECT ANSWER--------- The Federal Privacy Act of 1974
To set a limit on the amount of data we expect to receive to set aside storage for that data
* required in most programming languages
* prevents buffer overflows
---------CORRECT ANSWER--------- bounds checking
A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions ---------CORRECT ANSWER--------- race conditions
A type of attack that can occur when we fail to validate the input to our applications or take steps to filter out unexpected or undesirable content ---------CORRECT ANSWER--------- input validation