CIA Triad Right Ans - Confidentiality, Integrity, Availability (CIA) are
typically viewed as the primary goals and objectives of a security
infrastructure.
Confidentiality Right Ans - No unauthorized access to information is
permitted, and accidental disclosure of sensitive information is prevented.
Supported by the principle of least privilege and need-to-know.
Integrity Right Ans - Protecting the reliability and correctness of data. Keep
data accurate and trustworthy by protecting it from intentional or accidental
unauthorized changes.
Availability Right Ans - Keep data and resources available for authorized
use, especially during emergencies and disasters.
Defense in Depth Right Ans - Layering security to offset the weaknesses of
one security layer by the strengths of two or more layers. The three elements
needed to secure assets: prevention, detection, response.
Risk Matrix within a Qualitative Risk Assessment Right Ans - A form of risk
assessment performed on a basic graph or chart that plots probability against
damage potential. It relies on expert judgment about intangible factors (such
as reputation, investor/consumer confidence, and workforce stability) rather
than on monetary values.
Message Digest Right Ans - The fixed-size output of a one-way hash function,
easily and repeatably computed for an exact stream of data, and infeasible to
reverse or to collide with another input. A digest alone is not a digital
signature: anyone can recompute it, so it proves integrity only when it is
itself protected (for example, signed with a private key).
digital certificate Right Ans - a data file issued by a certificate authority
in the X.509 format that binds a public key to the identity of an individual or
organization. The CA's digital signature on the certificate is what makes the
binding trustworthy.
asymmetric encryption Right Ans - a type of cryptography based on
algorithms that require two keys -- one of which is secret (or private) and one
of which is public (freely known to others).
Symmetric Encryption Right Ans - An encryption method in which the
same key is used to encrypt and decrypt a message. Also known as private-key
or secret-key encryption.
RSA Right Ans - Named after its inventors, Rivest, Shamir, and Adleman; an
asymmetric (public-key) algorithm used for both encryption and digital
signatures.
OSI Model Right Ans - Application, Presentation, Session, Transport,
Network, Data Link, Physical
Policy Right Ans - Statements of management's intent; an overview or
generalization of the organization's security needs.
Guidelines Right Ans - Documentation that aids compliance with standards:
considerations, hints, tips, and best practices for implementation.
Procedures Right Ans - step-by-step instructions for completing a task
Standards Right Ans - Topic-specific documents (standards) and system-specific
documents (baselines) that describe the mandatory requirements for security.
Least Privilege Right Ans - Providing only the minimum amount of
privileges necessary to perform a job or function.
Separation of Duties Right Ans - No one person in an organization should
have the ability to control or shut down a security-critical activity on their
own. Limits an individual's ability to cause harm or commit fraud or theft.
Trusted Computing Base (TCB) Right Ans - is the totality of protection
mechanisms within a computer system, including hardware, firmware, and
software.
Bell-LaPadula Model Right Ans - Confidentiality model intended to prevent
information from flowing to lower classification levels. No read up (simple
security property), no write down (*-property).
Biba Integrity Model Right Ans - Integrity model that is the inverse of
Bell-LaPadula: no read down, no write up. Subjects cannot read objects of
lesser integrity and cannot write to objects of higher integrity.
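The two models are easiest to compare when their rules are written as an access-check function, so here is an added example (not from the original study set) that encodes the Bell-LaPadula and Biba cards above as a small reference monitor. The level names, the `op` strings and the trojan scenario are this example's own constructions.

```python
"""Bell-LaPadula vs. Biba access checks (added example).

Both models compare a subject's level with an object's level; BLP
orders confidentiality labels, Biba orders integrity labels, and the
allowed directions of read and write are mirror images of each other.
"""
from enum import IntEnum


class Level(IntEnum):
    """Ordered labels; higher value = more sensitive (BLP) or more trusted (Biba)."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


def bell_lapadula_allows(subject: Level, obj: Level, op: str) -> bool:
    """Confidentiality: no read up (simple security), no write down (*-property)."""
    if op == "read":
        return subject >= obj    # may read at or below own clearance
    if op == "write":
        return subject <= obj    # may write at or above own clearance
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Integrity: no read down (simple integrity), no write up (*-integrity)."""
    if op == "read":
        return subject <= obj    # may read only sources at or above own integrity
    if op == "write":
        return subject >= obj    # may write only to objects at or below own integrity
    raise ValueError(f"unknown operation {op!r}")


def decision_matrix(policy) -> dict:
    """Every (subject, object, op) decision for a policy, for side-by-side review."""
    return {
        (s.name, o.name, op): policy(s, o, op)
        for s in Level
        for o in Level
        for op in ("read", "write")
    }


def trojan_leak_attempt(policy) -> bool:
    """A subverted HIGH-clearance process tries to copy a HIGH document into a
    LOW file (read HIGH, then write LOW). Returns True if the policy would let
    the leak complete. BLP blocks the write-down; Biba, which only cares about
    integrity, does not."""
    return policy(Level.HIGH, Level.HIGH, "read") and policy(Level.HIGH, Level.LOW, "write")


def untrusted_input_attempt(policy) -> bool:
    """A HIGH-integrity service tries to read LOW-integrity (untrusted) data.
    Returns True if the policy allows it. Biba blocks the read-down; BLP does not."""
    return policy(Level.HIGH, Level.LOW, "read")


if __name__ == "__main__":
    for name, policy in (("Bell-LaPadula", bell_lapadula_allows), ("Biba", biba_allows)):
        print(f"{name}: leak via write-down possible = {trojan_leak_attempt(policy)}, "
              f"read of untrusted data allowed = {untrusted_input_attempt(policy)}")
```

The two scenario functions show why a system that needs both properties (classified data that must also not be corrupted by untrusted input) ends up stacking the models or using a hybrid such as Lipner's; neither model alone stops both the write-down leak and the read-down contamination.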