Questions and CORRECT ANSWERS
Code of Ethics canons described under 'Protect society, the commonwealth, and the
infrastructure' - CORRECT ANSWER✔✔- 1. Promote and preserve public trust and
confidence in information and systems. 2. Promote the understanding and acceptance of
prudent information security measures. 3. Preserve and strengthen the integrity of the public
infrastructure. 4. Discourage unsafe practice.
Role Based Access Control (RBAC) - CORRECT ANSWER✔✔- A Role Based Access
Control (RBAC) model can group users into roles based on the organization's hierarchy, and
it is a nondiscretionary access control model. A nondiscretionary access control model uses a
central authority to determine which objects subjects can access.
Preventive measures to reduce the potential for a data breach are: - CORRECT ANSWER✔✔- 1.
Support for controls from management 2. Policies based on business objectives 3. A complete
understanding of the types of control required 4. A cost analysis of controls and cost
assessment of a potential breach 5. Employee security education, training, and awareness
Capability tables - CORRECT ANSWER✔✔- Capability tables are created for each subject,
and they identify the objects that the subject can access. They include the authorization rights of
the access control subject such as read, write, execute, and so on.
ACLs (access control lists) - CORRECT ANSWER✔✔- ACLs (access control lists) are lists
of subjects that are authorized to access a specific object.
access control matrix - CORRECT ANSWER✔✔- An access control matrix is a table that
includes subjects, objects, and assigned privileges.
Aggregation - CORRECT ANSWER✔✔- Aggregation is a process in which a user collects
and combines information from various sources to obtain complete information. The
individual parts of information are at the correct sensitivity, but the combined information is
not. A user can combine information available at a lower privilege, thereby reducing the
information at a higher privilege level.
Inference attacks - CORRECT ANSWER✔✔- Inference attacks are attacks in which the subject deduces
the complete information about an object from the bits of information collected through
aggregation. Therefore, inference is the ability of a subject to derive implicit information. A
protection mechanism to limit inferencing of information in statistical database queries is
specifying a minimum query set size, but prohibiting the querying of all but one of the
records in the database.
Polyinstantiation - CORRECT ANSWER✔✔- Polyinstantiation, also known as data
contamination, is used to conceal classified information that exists in a database and to fool
intruders. Polyinstantiation ensures that users with a lower access level are not able to access
and modify data categorized for a higher level of access in a multi-level database.
Polyinstantiation can be used to reduce data inference violations. When polyinstantiation is
implemented, two objects are created by using the same primary keys. One object is filled
with incorrect information and is deemed unclassified, and the other object contains the
original classified information. When a user with lower level privileges attempts to access the
object, the user is directed to the object containing incorrect information. Polyinstantiation is
concerned with the same primary key existing at different classification levels in the same
database.
Scavenging - CORRECT ANSWER✔✔- Scavenging, also referred to as browsing, involves
looking for information without knowing its format. Scavenging is searching the data residue
in a system to gain unauthorized knowledge of sensitive data.
Identification - CORRECT ANSWER✔✔- Identification is the method used by a user or
process to claim who they are or to assert who they claim to be. Identification involves
supplying your user name, account number, or some other form of personal identification. It
is the means by which a user provides a claim of his or her identity to a system.
Authentication - CORRECT ANSWER✔✔- Authentication is the process of being
recognized by a system. Authentication involves supplying a second piece of information,
such as a password, that is checked against a database for accuracy. If this piece of
information matches the stored information, the subject is authenticated. It is the testing or
reconciliation of evidence of a user's identity.
Components of the Common Criteria protection profile - CORRECT ANSWER✔✔- The
protection profile contains a set of security requirements including functionality and
assurance criteria for a product and the rationale behind such requirements. The
corresponding evaluation assurance level (EAL) rating intended for the product is also
specified. The environmental conditions, the expected functionality, the assurance levels, and
the product objectives are also included in the protection profile when the product is
evaluated by the Common Criteria for a target evaluation rating. Evaluation tests are
performed for the targeted rating awarded to the target of evaluation, and the results are
verified before granting an EAL rating to the intended product. Components of the Common
Criteria protection profile include Target of Evaluation (TOE) description, threats against the
product that must be addressed, and security objectives.
RADIUS - CORRECT ANSWER✔✔- RADIUS is an AAA protocol that provides
authentication, authorization, and accounting services. It centralizes authentication for remote
dial-up connections. It is used when an organization has more than one remote access server.
Which policies provide protection against remote maintenance PBX attacks? - CORRECT
ANSWER✔✔- 1. Turn off the remote maintenance features when not needed. 2. Use strong
authentication on the remote maintenance ports. 3. Keep PBX terminals in a locked, restricted
area. 4. Replace or disable embedded logins and passwords.
Rijndael cipher - CORRECT ANSWER✔✔- The Rijndael cipher uses a 128-bit, 192-bit, or
256-bit key. In this cipher, the number of encryption rounds depends on the key
length. If a 128-bit key is used, then 9 rounds of encryption take place. If a 192-bit key is
used, then 11 rounds of encryption take place, and similarly, if a 256-bit key is used, then 13
rounds of encryption take place.
stream cipher - CORRECT ANSWER✔✔- A stream cipher is a symmetric key cipher that
operates on each character or bit of a message. It encrypts one character or bit at a time.
The Caesar cipher and the one-time pad are examples of a stream cipher.
block cipher - CORRECT ANSWER✔✔- A block cipher is a symmetric key cipher that
operates on blocks of messages. It encrypts an entire message block at the same time.
Transposition ciphers are examples of block ciphers. Each block cipher has a mode of
operation that functions as a stream cipher.
transposition cipher - CORRECT ANSWER✔✔- A transposition cipher is a method of
encryption by which the positions held by units of plaintext (which are commonly characters
or groups of characters) are shifted according to a regular system, so that the ciphertext
constitutes a permutation of the plaintext.
Cache memory - CORRECT ANSWER✔✔- Cache memory is memory that is used for high-
speed transfer of data. Data in cache can be accessed by the CPU more quickly than data
located in random access memory (RAM).