WGU C725 TEST BANK 2025 MASTER'S COURSE
INFORMATION SECURITY AND ASSURANCE 2025
TEST BANK REAL EXAM QUESTIONS AND CORRECT
ANSWERS| GRADE A+ WITH VERIFIED SOLUTIONS
Code of Ethics Canons described under 'Protect society, the commonwealth, and
the infrastructure' - ...(ANSWERS)....1. Promote and preserve public trust and
confidence in information and systems. 2. Promote the understanding and
acceptance of prudent information security measures. 3. Preserve and strengthen
the integrity of the public infrastructure. 4. Discourage unsafe practice.
Role Based Access Control (RBAC) - ...(ANSWERS)....A Role Based Access Control
(RBAC) model can group users into roles based on the organization's hierarchy,
and it is a nondiscretionary access control model. A nondiscretionary access
control model uses a central authority to determine which objects subjects
can access.
The preventions to reduce the potential for data breach are: - ...(ANSWERS)....1.
Support for controls from management 2. Policies based on business objectives 3.
A complete understanding of the types of control required 4. A cost analysis of
controls and cost assessment of a potential breach 5. Employee security
education, training, and awareness
Capability tables - ...(ANSWERS)....Capability tables are created for each subject,
and they identify the objects that the subject can access. They include the
authorization rights of the access control subject such as read, write, execute, and
so on.
ACLs (access control lists) - ...(ANSWERS)....ACLs (access control lists) are lists of
subjects that are authorized to access a specific object.
access control matrix - ...(ANSWERS)....An access control matrix is a table that
includes subjects, objects, and assigned privileges.
Aggregation - ...(ANSWERS)....Aggregation is a process in which a user collects
and combines information from various sources to obtain complete information.
The individual parts of information are at the correct sensitivity, but the
combined information is not. A user can combine information available at a lower
privilege, thereby deducing the information at a higher privilege level.
inference attacks - ...(ANSWERS)....inference attacks, where the subject deduces
the complete information about an object from the bits of information collected
through aggregation. Therefore, inference is the ability of a subject to derive
implicit information. A protection mechanism to limit inferencing of information
in statistical database queries is specifying a minimum query set size, but
prohibiting the querying of all but one of the records in the database.
Polyinstantiation - ...(ANSWERS)....Polyinstantiation, also known as data
contamination, is used to conceal classified information that exists in a database
and to fool intruders. Polyinstantiation ensures that users with a lower access level
are not able to access and modify data categorized for a higher level of access in a
multi-level database. Polyinstantiation can be used to reduce data inference
violations. When polyinstantiation is implemented, two objects are created by
using the same primary keys. One object is filled with incorrect information and is
deemed unclassified, and the other object contains the original classified
information. When a user with lower-level privileges attempts to access the
object, the user is directed to the object containing incorrect information.
Polyinstantiation is concerned with the same primary key existing at different
classification levels in the same database.
Scavenging - ...(ANSWERS)....Scavenging, also referred to as browsing, involves
looking for information without knowing its format. Scavenging is searching the
data residue in a system to gain unauthorized knowledge of sensitive data.
Identification - ...(ANSWERS)....Identification is the method used by a user or
process to claim who they are or to assert who they claim to be. Identification
involves supplying your user name, account number, or some other form of
personal identification. It is the means by which a user provides a claim of his or
her identity to a system.
Authentication - ...(ANSWERS)....Authentication is the process of being
recognized by a system. Authentication involves supplying a second piece of
information, such as a password, that is checked against a database for accuracy.
If this piece of information matches the stored information, the subject is
authenticated. It is the testing or reconciliation of evidence of a user's identity.
Components of the Common Criteria protection profile - ...(ANSWERS)....The
protection profile contains a set of security requirements including functionality
and assurance criteria for a product and the rationale behind such requirements.
The corresponding evaluation assurance level (EAL) rating intended for the
product is also specified. The environmental conditions, the expected functional,
the assurance levels, and the product objectives are also included in the
protection profile when the product is evaluated by the Common Criteria for a
target evaluation rating. Evaluation tests are performed for the targeted rating
awarded to the target of evaluation, and the results are verified before granting
an EAL rating to the intended product. Components of the Common Criteria