Answers (Pass!)
Question 1 : Which of the following contains the primary goals and objectives
of security? Right Ans - The CIA Triad
STRIDE is often used in relation to assessing threats against applications or
operating systems. Which of the following is not an element of STRIDE?
Right Ans - Disclosure
What element of data categorization management can override all other forms
of access control? Right Ans - Taking ownership
Which of the following is not considered a violation of confidentiality?
Right Ans - Hardware destruction
Which of the following is the lowest military data classification for classified
data? Right Ans - Secret
Secret is the lowest classified level among the options offered; in the full
military scheme, confidential sits below secret, and sensitive but unclassified
and unclassified are not classified data at all.
Which of the following is typically not a characteristic considered when
classifying data? Right Ans - Size of object
Which of the following is not considered an example of data hiding? Right
Ans - Preventing an authorized reader of an object from deleting that object
Question 10 : Which commercial business/private sector data classification is
used to control information about individuals within an organization?
Right Ans - Private
The commercial business/private sector data classification of private is used
to protect information about individuals.
Data classifications are used to focus security controls over all but which of
the following? Right Ans - Layering
Layering is a core aspect of security mechanisms, but it is not a focus of data
classifications.
What is the primary goal of change management? Right Ans - Preventing
security compromises
Which of the following is a principle of the CIA Triad that means authorized
subjects are granted timely and uninterrupted access to objects? Right Ans
- Availability
What ensures that the subject of an activity or event cannot deny that the
event occurred? Right Ans - Nonrepudiation
What is the primary objective of data classification schemes? Right Ans - to
formalize and stratify the process of securing data based on assigned labels of
importance and sensitivity
_______________ refers to keeping information confidential that is personally
identifiable or that might cause harm, embarrassment, or disgrace to someone
if revealed. Right Ans - Privacy
Vulnerabilities and risks are evaluated based on their threats against which of
the following? Right Ans - One or more of the CIA Triad principles
What are the two common data classification schemes? Right Ans - Military
and private sector
Which of the following is the most important and distinctive concept in
relation to layered security? Right Ans - Series
STRIDE Right Ans - Spoofing, tampering, repudiation, information disclosure,
denial of service, elevation of privilege.
Question 1 : You've performed a basic quantitative risk analysis on a specific
threat/vulnerability/risk relation. You select a possible countermeasure.
When performing the calculations again, which of the following factors will
change? Right Ans - Annualized rate of occurrence
If an organization contracts with outside entities to provide key business
functions or services, such as account or technical support, what is the process
called that is used to ensure that these entities support sufficient security?
Right Ans - Third-party governance
How is the value of a safeguard to a company calculated? Right Ans - ALE
before safeguard - ALE after implementing the safeguard - annual cost of
safeguard
Which of the following is not an element of the risk analysis process? Right
Ans - Selecting appropriate safeguards and implementing them
What process or event is typically hosted by an organization and is targeted to
groups of employees with similar job functions? Right Ans - Training
When an employee is to be terminated, which of the following should be
done? Right Ans - Disable the employee's network access just as they are
informed of the termination.
Which of the following is a primary purpose of an exit interview? Right Ans
- To review the nondisclosure agreement
What security control is directly focused on preventing collusion? Right
Ans - Separation of duties
How is single loss expectancy (SLE) calculated? Right Ans - Asset value ($)
* exposure factor
When evaluating safeguards, what is the rule that should be followed in most
cases? Right Ans - The annual costs of safeguards should not exceed the
expected annual cost of asset loss.
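The four quantitative risk questions above (which factor a countermeasure changes, how the value of a safeguard is calculated, how SLE is calculated, and the cost rule for safeguards) all rest on the same small chain of formulas: SLE = AV * EF, ALE = SLE * ARO, and safeguard value = ALE before - ALE after - annual cost of safeguard. The following Python module is an added worked example, not part of the original answer key; the asset (a customer database), its value, exposure factor, ARO and the two hypothetical safeguards A and B are constructed figures chosen only to make the arithmetic visible.

```python
"""Worked quantitative risk analysis: SLE, ALE and safeguard cost/benefit.

Added example; all dollar figures and rates below are constructed, not from the page.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class RiskScenario:
    """One threat/vulnerability/risk relation for a single asset."""
    asset_value: float       # AV: value of the asset in dollars
    exposure_factor: float   # EF: fraction of AV lost in one occurrence, 0.0..1.0
    aro: float               # ARO: expected occurrences per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: SLE * ARO."""
        return self.sle() * self.aro

    def with_countermeasure(self, new_aro: float,
                            new_ef: Optional[float] = None) -> "RiskScenario":
        """Re-run the scenario after a safeguard is selected.

        A countermeasure changes how often the event is expected (ARO) and may
        change how much is lost per event (EF); the asset value itself does not move.
        """
        ef = self.exposure_factor if new_ef is None else new_ef
        return replace(self, aro=new_aro, exposure_factor=ef)


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Value of the safeguard to the company:
    (ALE before safeguard) - (ALE after safeguard) - (annual cost of safeguard)."""
    return before.ale() - after.ale() - annual_cost


def cost_within_expected_loss(before: RiskScenario, annual_cost: float) -> bool:
    """Rule of thumb: the annual cost of a safeguard should not exceed the
    expected annual cost of asset loss (the ALE before the safeguard)."""
    return annual_cost <= before.ale()


def evaluate(before: RiskScenario, after: RiskScenario, annual_cost: float) -> dict:
    """Return the figures a risk report would show for one candidate safeguard."""
    value = safeguard_value(before, after, annual_cost)
    return {
        "sle_before": before.sle(),
        "ale_before": before.ale(),
        "ale_after": after.ale(),
        "annual_cost": annual_cost,
        "value": value,
        "within_rule": cost_within_expected_loss(before, annual_cost),
        # Positive net value is what actually justifies spending the money.
        "recommend": value > 0,
    }


# Constructed scenario (hypothetical figures): a customer database worth $200,000;
# a successful breach is assumed to destroy half its value (EF 0.5) and to occur
# about once every five years (ARO 0.2).
DATABASE_RISK = RiskScenario(asset_value=200_000.0, exposure_factor=0.5, aro=0.2)

# Hypothetical safeguard A: cuts ARO to once every twenty years for $8,000 per year.
SAFEGUARD_A_COST = 8_000.0
AFTER_A = DATABASE_RISK.with_countermeasure(new_aro=0.05)

# Hypothetical safeguard B: the same risk reduction, but it costs $18,000 per year.
SAFEGUARD_B_COST = 18_000.0
AFTER_B = DATABASE_RISK.with_countermeasure(new_aro=0.05)

if __name__ == "__main__":
    for name, after, cost in (("A", AFTER_A, SAFEGUARD_A_COST),
                              ("B", AFTER_B, SAFEGUARD_B_COST)):
        r = evaluate(DATABASE_RISK, after, cost)
        print(f"Safeguard {name}: SLE {r['sle_before']:,.0f}, "
              f"ALE {r['ale_before']:,.0f} -> {r['ale_after']:,.0f}, "
              f"cost {r['annual_cost']:,.0f}, value {r['value']:,.0f}, "
              f"within rule: {r['within_rule']}, recommend: {r['recommend']}")
```

With these constructed numbers, SLE is $100,000 and ALE is $20,000 before either safeguard; both safeguards bring ALE down to $5,000. Safeguard A has a value of $7,000 and is worth buying. Safeguard B passes the rule of thumb (its $18,000 cost is below the $20,000 expected annual loss) but its net value is negative $3,000, which is why the value formula, not the rule alone, should make the final call. Note that only ARO (and the values derived from it) changed between the before and after scenarios; the asset value and exposure factor are untouched.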
Which of the following is the weakest element in any security solution?
Right Ans - Humans
When a safeguard or a countermeasure is not present or is not sufficient, what
remains? Right Ans - Vulnerability
Which of the following represents accidental or intentional exploitations of
vulnerabilities? Right Ans - Threat events