WGU D430 FUNDAMENTALS OF INFORMATION
SECURITY MIDTERM EXAM RATIONALE Q&A
2024/2025
Access Control List –
CORRECT ANSWER: info about what kind of access certainparties are
allowed to have to a given system
Read , write , execute
Access Control Models –
CORRECT ANSWER: Discretionary ( DAC )Mandatory ( MAC )
Rule - based
Role - based ( RBAC )
Attribute - based ( ABAC )
Accountability –
CORRECT ANSWER:
Refers to making sure that a person isresponsible for their actions .
-It provides us with the means to trace activities in our environment back to their
source
-Depends on identification , authentication , and access control being present so
that wecan know who a given transaction is associated with , and what
permissions were used to allow them to carry it out .
about:blank 1/85
, Acess Control –
CORRECT ANSWER: Allowing - lets us give a particular party accessto a given
source
Denying - opposite of gaining access
Limiting - allowing some access to our resource , only up to a certain point
Revoking - takes access away from former user
AES –
CORRECT ANSWER: uses three different ciphers : one with a 128 - bit key , one
with a 192 - bit key , and one with a 256 - bit key , all having a block length of 128
bits
Asymmetric cryptography –
CORRECT ANSWER: a public key and a private key . Thepublic key is used to
encrypt data sent from the sender to the receiver and is shared with everyone .
Private keys are used to decrypt data that arrives at the receiving end and are
very carefully guarded by the receive ( aka the public key cryptography )
Asymmetric Key Algorithms –
CORRECT ANSWER:
Secure Sockets Layer ( RSA )Elliptic Curve Cryptography ( ECC )
Pretty Good Privacy ( PGP )
Transport Layer Security (
TLS )
Attack Types –
about:blank 2/85
, CORRECT ANSWER: InterceptionInterruption
Modification
Fabrication
Attack types and their effect –
CORRECT ANSWER: Interception is the ONLY attack that affects on
confidentiality. Interruption, modification, and fabrication affects integrityand
availability because most of the time they're impacting data.
Attribute - based ( ABAC )
- CORRECT ANSWER: based on attributes , such as of aperson , resource , or
an environment
Auditing –
CORRECT ANSWER: the examination and review of an organization's
records to ensure accountability through technical means .
Authentication –
CORRECT ANSWER: verifying that a person is who they claim to be
Authorization –
CORRECT ANSWER: what the user can access , modify , and delete
Availability –
CORRECT ANSWER: For one's AUTHORIZED to ACCESS data whenneeded
about:blank 3/85
, BinScope Binary Analyzer –
CORRECT ANSWER: a tool developed by Microsoft toexamine source code
for general good practices
Block Cipher –
CORRECT ANSWER: takes a predetermined number of bits , known asa block , in the
plaintext message and encrypts that block
Brute Force –
CORRECT ANSWER: an attack by submitting password attempts untileventually
guessed correctly
Buffer overflows –
CORRECT ANSWER:
a vulnerability that occurs when we do not properly store the size of the data input
into our applications , causing the program tocrash and an attacker to take
advantage
Certificates –
CORRECT ANSWER: link a public key to a particular individual and areoften used
as a form of electronic identification for that particular person
Childrens ' Online Privacy Protection Act (COPPA) –
CORRECT ANSWER: sets ruleson data collection for children under 13 to
protect their online privacy
about:blank 4/85
SECURITY MIDTERM EXAM RATIONALE Q&A
2024/2025
Access Control List –
CORRECT ANSWER: info about what kind of access certainparties are
allowed to have to a given system
Read , write , execute
Access Control Models –
CORRECT ANSWER: Discretionary ( DAC )Mandatory ( MAC )
Rule - based
Role - based ( RBAC )
Attribute - based ( ABAC )
Accountability –
CORRECT ANSWER:
Refers to making sure that a person isresponsible for their actions .
-It provides us with the means to trace activities in our environment back to their
source
-Depends on identification , authentication , and access control being present so
that wecan know who a given transaction is associated with , and what
permissions were used to allow them to carry it out .
about:blank 1/85
, Acess Control –
CORRECT ANSWER: Allowing - lets us give a particular party accessto a given
source
Denying - opposite of gaining access
Limiting - allowing some access to our resource , only up to a certain point
Revoking - takes access away from former user
AES –
CORRECT ANSWER: uses three different ciphers : one with a 128 - bit key , one
with a 192 - bit key , and one with a 256 - bit key , all having a block length of 128
bits
Asymmetric cryptography –
CORRECT ANSWER: a public key and a private key . Thepublic key is used to
encrypt data sent from the sender to the receiver and is shared with everyone .
Private keys are used to decrypt data that arrives at the receiving end and are
very carefully guarded by the receive ( aka the public key cryptography )
Asymmetric Key Algorithms –
CORRECT ANSWER:
Secure Sockets Layer ( RSA )Elliptic Curve Cryptography ( ECC )
Pretty Good Privacy ( PGP )
Transport Layer Security (
TLS )
Attack Types –
about:blank 2/85
, CORRECT ANSWER: InterceptionInterruption
Modification
Fabrication
Attack types and their effect –
CORRECT ANSWER: Interception is the ONLY attack that affects on
confidentiality. Interruption, modification, and fabrication affects integrityand
availability because most of the time they're impacting data.
Attribute - based ( ABAC )
- CORRECT ANSWER: based on attributes , such as of aperson , resource , or
an environment
Auditing –
CORRECT ANSWER: the examination and review of an organization's
records to ensure accountability through technical means .
Authentication –
CORRECT ANSWER: verifying that a person is who they claim to be
Authorization –
CORRECT ANSWER: what the user can access , modify , and delete
Availability –
CORRECT ANSWER: For one's AUTHORIZED to ACCESS data whenneeded
about:blank 3/85
, BinScope Binary Analyzer –
CORRECT ANSWER: a tool developed by Microsoft toexamine source code
for general good practices
Block Cipher –
CORRECT ANSWER: takes a predetermined number of bits , known asa block , in the
plaintext message and encrypts that block
Brute Force –
CORRECT ANSWER: an attack by submitting password attempts untileventually
guessed correctly
Buffer overflows –
CORRECT ANSWER:
a vulnerability that occurs when we do not properly store the size of the data input
into our applications , causing the program tocrash and an attacker to take
advantage
Certificates –
CORRECT ANSWER: link a public key to a particular individual and areoften used
as a form of electronic identification for that particular person
Childrens ' Online Privacy Protection Act (COPPA) –
CORRECT ANSWER: sets ruleson data collection for children under 13 to
protect their online privacy
about:blank 4/85
