WGU COURSE C836 - FUNDAMENTALS OF INFORMATION SECURITY PRACTICE EXAM QUESTIONS WITH CORRECT DETAILED ANSWERS | ALREADY GRADED A+<RECENT VERSION>

WGU COURSE C836 - FUNDAMENTALS OF INFORMATION SECURITY PRACTICE EXAM QUESTIONS WITH CORRECT DETAILED ANSWERS | ALREADY GRADED A+&lt;RECENT VERSION&gt; 113.A company has had several successful denial of service (DoS) attacks on its email server. Which security principle is being attacked? A Possession B Integrity C Confidentiality D Availability - ANSWER D 114.A new start-up company has started working on a social networking website. The company has moved all its source code to a cloud provider and wants to protect this source code from unauthorized access. Which cyber defense concept should the start-up company use to maintain the confidentiality of its source code? A Alarm systems B Account permissions C Antivirus software D File encryption - ANSWER D 115.Which web attack is possible due to a lack of input validation? A Extraneous files B Clickjacking C SQL injection D Cross-site request forgery - ANSWER C 116.Which file action implements the principle of confidentiality from the CIA triad? A Compression B Hash C Backup D Encryption - ANSWER D 117.Which cyber defense concept suggests limiting permissions to only what is necessary to perform a particular task? A Authentication B Authorization C Defense in depth D Principle of least privilege - ANSWER D 118.A company institutes a new policy that "All office computer monitors must face toward employees and must face away from doorways. The monitor screens must not be visible to people visiting the office." Which principle of the CIA triad is this company applying? A Availability B Confidentiality C Utility D Integrity - ANSWER B 191.At a small company, an employee makes an unauthorized data alteration. Which component of the CIA triad has been compromised? A Confidentiality B Authenticity C Integrity D Availability - ANSWER C 120.An organization plans to encrypt data in transit on a network. Which aspect of data is the organization attempting to protect? A Integrity B Possession C Availability D Authenticity - ANSWER A 121.Which aspect of the CIA triad is violated by an unauthorized database rollback or undo? A Availability B Identification C Integrity D Confidentiality - ANSWER C 122.A company's website has suffered several denial of service (DoS) attacks and wishes to thwart future attacks. Which security principle is the company addressing? A Availability B Authenticity C Confidentiality D Possession - ANSWER A 123.An organization has a requirement that all database servers and file servers be configured to maintain operations in the presence of a failure. Which principle of the CIA triad is this requirement implementing? A Utility B Integrity C Availability D Confidentiality - ANSWER C 124.A company's IT policy manual states that "All company computers, workstations, application servers, and mobile devices must have current versions of antivirus software." Which principle or concept of cybersecurity does this policy statement impact? A Accounting policy B Operating system security C Access control policy D Physical security - ANSWER B 125.An organization's procedures document states that "All electronic communications should be encrypted during transmission across networks using encryption standards specified in the data encryption policy." Which security principle is this policy addressing? A Interruption B Confidentiality C Control D Availability - ANSWER B 126.A company's website policy states that "To gain access to the corporate website, each employee must provide a valid user name and password, and then answer one of six security questions accurately." Which type of security does the policy address? A Operations B Physical C Human element D Application - ANSWER A 127.An organization notices unauthorized visitors following employees through a restricted doorway. Which vulnerability should be addressed in the organization's security policy? A Pretexting B Phishing C Baiting D Tailgating - ANSWER D 128.Information Security - ANSWER Protecting an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. 129.Compliance - ANSWER Requirements that are set forth by laws and industry regulations. 130.CIA - ANSWER Confidentiality, Integrity, Availability 131.Confidentiality - ANSWER Refers to our ability to protect our data from those who are not authorized to use/view it 132.Integrity - ANSWER The ability to prevent people from changing your data in an unauthorized or undesirable manner 133.Availability - ANSWER Refers to the ability to access our data when we need it 134.Possession/Control - ANSWER refers to the physical disposition of the media on which the data is stored. (tape examples where some are encrypted and some are not) 135.Authenticity - ANSWER whether you've attributed the data in question to the proper owner or creator. (altered email that says it's from one person when it's not - violation of the authenticity of the email 136.Utility - ANSWER refers to how useful the data is to you. 137.Attacks - ANSWER interception, interruption, modification, and fabrication 138.Interception - ANSWER attacks that allow unauthorized users to access your data, applications, or environments. Are primarily attacks against confidentiality 139.Interruption - ANSWER attacks that make your assets unusable or unavailable to you temporarily or permanently. DoS attack on a mail server, for example. May also affect integrity 140.Modification - ANSWER attacks involve tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack. 141.Fabrication - ANSWER attacks involve generating data, processes, communications, or other similar activities with a system. Fabrication attacks primarily affect integrity but could be considered an availability attack as well. 142.Risk - ANSWER is the likelihood that an event will occur. To have risk there must be a threat and vulnerability. 143.Threats - ANSWER are any events being man-made, natural or environmental that could cause damage to assets. 144.Vulnerabilities - ANSWER are a weakness that a threat event or the threat agent can take advantage of. 145.Impact - ANSWER takes into account the value of the asset being threatened and uses it to calculate risk 146.Risk Management Process - ANSWER Identify assets, identify threats, assess vulnerabilities, assess risks, mitigate risks 147.Defense in Depth - ANSWER Using multiple layers of security to defend your assets. 148.Controls - ANSWER are the ways we protect assets. Three different types: physical, logical, administrative 149.Physical Controls - ANSWER environment; physical items that protect assets think locks, doors, guards, and, fences or environmental factors (time) 150.Logical Controls - ANSWER Sometimes called technical controls, these protect the systems, networks, and environments that process, transmit, and store our data 151.Administrative Controls - ANSWER based on laws, rules, policies, and procedures, guidelines, and other items that are "paper" in nature. They are the policies that organizations create for governance. For example, acceptable use and email use policies. 152.Preparation - ANSWER phase of incident response consists of all of the activities that we can perform, in advance of the incident itself, in order to better enable us to handle it.