Assurance (C725), SET III OBJECTIVE
ASSESSMENT LATEST EXAM
QUESTIONS AND CORRECT ANSWERS
UPDATED 2025/2026 NEW
SYLLABUS
This document restates the requirements of the TCSEC in a network context as
contrasted with TCSEC on stand-alone and non-networked environments. -
ANSWER ✓ The Trusted Network Interpretation (TNI) of the TCSEC
A European-developed criterion that fills a role roughly equivalent to the TCSEC
for use throughout the European Community. - ANSWER ✓ The Information
Technology Security Evaluation Criteria (ITSEC)
T or F
The ITSEC places increased emphasis on integrity and availability and attempts to
provide a uniform approach to the evaluation of both products and systems. It also
introduces the security target (ST), a written document that contains
these components:
- A system security policy
- Required security-enforcing functions
- Required security mechanisms
- Claimed ratings of minimum strength
- Target evaluation levels, expressed as both functional and evaluation (F-xx and E-yy) - ANSWER ✓ True
ITSEC assurance class that provides inadequate assurance; fails to meet E1
requirements - ANSWER ✓ E0
ITSEC assurance class that provides an informal description of the TOE's
architectural design and functional testing that the TOE satisfies target
requirements - ANSWER ✓ E1
ITSEC assurance class that provides E1 requirements, plus an informal description
of detailed designs, testing evidence, configuration control requirements, and
approved distribution procedures - ANSWER ✓ E2
ITSEC assurance class that provides E2 requirements, plus source code and
drawings that are evaluated and testing evidence of security mechanisms that are
evaluated - ANSWER ✓ E3
ITSEC assurance class that provides E3 requirements, plus a formal model of
security policy, semiformal specification of security-enforcing functions,
architectural design documents, and detailed design documents - ANSWER ✓ E4
ITSEC assurance class that provides E4 requirements, plus evidence of close
correspondence between detailed design and source code (traceability of design
into implementation) - ANSWER ✓ E5
ITSEC assurance class that provides E5 requirements, plus a formal specification
of security-enforcing functions and architectural design, along with consistency
with the formal security policy model - ANSWER ✓ E6
Which of the following places the Orange Book classifications in order from most
secure to least secure?
A. Division A, Division B, Division C, Division D
B. Division D, Division C, Division B, Division A
C. Division D, Division B, Division A, Division C
D. Division C, Division D, Division B, Division A - ANSWER ✓ A. Division A,
Division B, Division C, Division D
T or F
The Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) is the
Canadian equivalent of the TCSEC - ANSWER ✓ True
T or F
The Federal Criteria for Information Technology Security (Federal Criteria, or FC)
was developed as a joint project by the National Institute of Standards and
Technology (NIST) and the National Security Agency (NSA). - ANSWER ✓ True
T or F
The Federal Criteria was an attempt to develop a set of newer criteria to replace the
aging TCSEC. It introduces the concept of a protection profile (PP) that empowers
users or buyers of technology to specify their security requirements for hardware
and software. - ANSWER ✓ True
Joint efforts among the United States (TCSEC), Canada (CTCPEC), and Europe
(ITSEC) began in 1993 to harmonize security evaluation criteria to enable true
comparability for the results of independent security evaluations. These joint
activities were designed to align separate international criteria into a single set of
IT security criteria that could be broadly used. - ANSWER ✓ Common Criteria
(CC) Project
Combines the best features of the TCSEC with the ITSEC and the CTCPEC, and
synergizes them into a single international standard. - ANSWER ✓ The Common
Criteria, also known as ISO 15408
T or F
The CC breaks apart the functional and assurance requirements into distinct
elements that users can select for customized security device implementation. -
ANSWER ✓ True
In the Common Criteria (CC), this element permits the expression of requirements
that meet an identifiable subset of security objectives. - ANSWER ✓ Packages
Packages are reusable and can be used to construct larger packages as well.
T or F
Using the CC framework, users and developers of IT security products create
protection profiles (PPs) as an implementation-independent collection of objectives
and requirements for any given category of products or systems that must meet