Four common classes of safe ratings are Right Ans - B-Rate: B-Rate is a
catchall rating for any box with a lock on it. This rating describes the thickness
of the steel used to make the lockbox. No actual testing is performed to gain
this rating.
C-Rate: This is defined as a variably thick steel box with a 1-inch-thick door
and a lock. No tests are conducted to provide this rating, either.
UL TL-15: Safes with an Underwriters Laboratories (UL) TL-15 rating have
passed standardized tests as defined in UL Standard 687 using tools and an
expert group of safe-testing engineers. The UL TL-15 label requires that the
safe be constructed of 1-inch solid steel or equivalent. The label means that
the safe has been tested for a net working time of 15 minutes using "common
hand tools, drills, punches hammers, and pressure applying devices." Net
working time means that when the tool comes off the safe, the clock stops.
Engineers exercise more than 50 different types of attacks that have proven
effective for safecracking.
UL TL-30: UL TL-30 testing is essentially the same as the TL-15 testing, except
for the net working time. Testers get 30 minutes and a few more tools to help
them gain access. Testing engineers usually have a safe's manufacturing
blueprints and can disassemble the safe before the test begins to see how it
works.
Confidentiality is sometimes referred to as Right Ans - the principle of least
privilege, meaning that users should be given only enough privilege to perform their
duties, and no more. Some other synonyms for confidentiality you might
encounter include privacy, secrecy, and discretion.
Confidentiality models are Right Ans - primarily intended to ensure that no
unauthorized access to information is permitted and that accidental
disclosure of sensitive information is not possible. Common confidentiality
controls are user IDs and passwords.
Question: Related to information security, confidentiality is the opposite of
which of the following? Right Ans - Disclosure
Question: Which of the following represents the three goals of information
security? Right Ans - Confidentiality, integrity, and availability
Defense in depth is needed to ensure that which three mandatory activities
are present in a security system? Right Ans - Prevention, detection, and
response
What is defense in depth? Right Ans - It requires layering security devices in
a series that protects, detects, and responds to attacks on systems.
Defense in depth is also known as Layered security
What does "When Left on Their Own, People Tend to Make the Worst Security
Decisions" mean? Right Ans - When Left on Their Own, It takes little to
convince someone to give up their credentials in exchange for trivial or
worthless goods
Which of the following best represents the two types of IT security
requirements? Right Ans - Functional and assurance
Functional IT security requirements describe what? Right Ans - what a
system should do
Assurance IT security requirements describe what? Right Ans - how
functional requirements should be implemented and tested
Functional and assurance IT requirements describe what? Right Ans -
1) Does the system do the right things (behave as promised)?
2) Does the system do the right things in the right way?
Security Through Obscurity Is Not an Answer Right Ans - Security through
obscurity means that hiding the details of the security mechanisms is
sufficient to secure the system alone.