WGU C836 OA STUDY GUIDE
(OVERLY INFORMATIVE)
QUESTIONS & ANSWERS!!
CIA Triad - ANSWERConfidentiality, Integrity, Availability
Parkerian hexad - ANSWERWhere the CIA triad consists of confidentiality, integrity,
and availability, the Parkerian hexad consists of these three principles, as well as
possession or control, authenticity, and utility
Confidentiality - ANSWERRefers to our ability to protect our data from those who are
not authorized to view it.
Confidentiality can be compromised by the loss of a laptop containing data, a person
looking over our shoulder while we type a password, an e-mail attachment being
sent to the wrong person, an attacker penetrating our systems, or similar issues.
Integrity - ANSWERRefers to the ability to prevent our data from being changed in
an unauthorized or undesirable manner. This could mean the unauthorized change
or deletion of our data or portions of our data, or it could mean an authorized, but
undesirable, change or deletion of our data. To maintain integrity, we not only need
to have the means to prevent unauthorized changes to our data but also need the
ability to reverse authorized changes that need to be undone.
Availability - ANSWERrefers to the ability to access our data when we need it. Loss
of availability can refer to a wide variety of breaks anywhere in the chain that allows
us access to our data. Such issues can result from power loss, operating system or
application problems, network attacks, compromise of a system, or other problems.
When such issues are caused by an outside party, such as an attacker, they are
commonly referred to as a denial of service (DoS) attack.
Biometric: Acceptability - ANSWERA measure of how acceptable the particular
characteristic is to the users of the system
Biometric: Circumvention - ANSWERDescribes the ease with which a system can be
tricked by a falsified biometric identifier.
Risk Management Process - ANSWER1. Identify Asset
2. Identify Threats
3. Assess Vulnerabilities
4. Assess Risk
5. Mitigate Risk
Logical Controls - ANSWERSometimes called technical controls, these protect the
systems, networks, and environments that process, transmit, and store our data
, Possession or Control - ANSWERRefers to the physical disposition of the media on
which the data is stored. This enables us, without involving other factors such as
availability, to discuss our loss of the data in its physical medium
An example is data store be on multiple devices and there could be numerous
versions.
Authenticity - ANSWERAttribution as to the owner or creator of the data in question.
Authenticity can be enforced through the use of digital signatures.
Utility - ANSWERRefers to how useful the data is to us.
Interception - ANSWERInterception attacks allow unauthorized users to access our
data, applications, or environments and are primarily an attack against
confidentiality. Interception might take the form of unauthorized file viewing or
copying, eavesdropping on phone conversations, or reading e-mail, and can be
conducted against data at rest or in motion. Properly executed, interception attacks
can be very difficult to detect.
Affects Confidentiality
Interruption - ANSWERInterruption attacks cause our assets to become unusable or
unavailable for our use, on a temporary or permanent basis. Interruption attacks
often affect availability but can be an attack on integrity as well. In the case of a DoS
attack on a mail server, we would classify this as an availability attack.
Affects Integrity and availability
Modification - ANSWERModification attacks involve tampering with our asset. If we
access a file in an unauthorized manner and alter the data it contains, we have
affected the integrity of the data contained in the file.
Fabrication - ANSWERFabrication attacks involve generating data, processes,
communications, or other similar activities with a system. Fabrication attacks
primarily affect integrity but could be considered an availability attack as well. If we
generate spurious information in a database, this would be considered to be a
fabrication attack.
Affects Integrity and Availability
Threat - ANSWERSomething that has potential to cause harm
Vulnerability - ANSWERWeaknesses that can be used to harm us
Risk - ANSWERLikeliness that something bad will happen
Impact - ANSWERThe value of the asset is used to assess if a risk is present
Something you know - ANSWERPassword or PIN
(OVERLY INFORMATIVE)
QUESTIONS & ANSWERS!!
CIA Triad - ANSWERConfidentiality, Integrity, Availability
Parkerian hexad - ANSWERWhere the CIA triad consists of confidentiality, integrity,
and availability, the Parkerian hexad consists of these three principles, as well as
possession or control, authenticity, and utility
Confidentiality - ANSWERRefers to our ability to protect our data from those who are
not authorized to view it.
Confidentiality can be compromised by the loss of a laptop containing data, a person
looking over our shoulder while we type a password, an e-mail attachment being
sent to the wrong person, an attacker penetrating our systems, or similar issues.
Integrity - ANSWERRefers to the ability to prevent our data from being changed in
an unauthorized or undesirable manner. This could mean the unauthorized change
or deletion of our data or portions of our data, or it could mean an authorized, but
undesirable, change or deletion of our data. To maintain integrity, we not only need
to have the means to prevent unauthorized changes to our data but also need the
ability to reverse authorized changes that need to be undone.
Availability - ANSWERrefers to the ability to access our data when we need it. Loss
of availability can refer to a wide variety of breaks anywhere in the chain that allows
us access to our data. Such issues can result from power loss, operating system or
application problems, network attacks, compromise of a system, or other problems.
When such issues are caused by an outside party, such as an attacker, they are
commonly referred to as a denial of service (DoS) attack.
Biometric: Acceptability - ANSWERA measure of how acceptable the particular
characteristic is to the users of the system
Biometric: Circumvention - ANSWERDescribes the ease with which a system can be
tricked by a falsified biometric identifier.
Risk Management Process - ANSWER1. Identify Asset
2. Identify Threats
3. Assess Vulnerabilities
4. Assess Risk
5. Mitigate Risk
Logical Controls - ANSWERSometimes called technical controls, these protect the
systems, networks, and environments that process, transmit, and store our data
, Possession or Control - ANSWERRefers to the physical disposition of the media on
which the data is stored. This enables us, without involving other factors such as
availability, to discuss our loss of the data in its physical medium
An example is data store be on multiple devices and there could be numerous
versions.
Authenticity - ANSWERAttribution as to the owner or creator of the data in question.
Authenticity can be enforced through the use of digital signatures.
Utility - ANSWERRefers to how useful the data is to us.
Interception - ANSWERInterception attacks allow unauthorized users to access our
data, applications, or environments and are primarily an attack against
confidentiality. Interception might take the form of unauthorized file viewing or
copying, eavesdropping on phone conversations, or reading e-mail, and can be
conducted against data at rest or in motion. Properly executed, interception attacks
can be very difficult to detect.
Affects Confidentiality
Interruption - ANSWERInterruption attacks cause our assets to become unusable or
unavailable for our use, on a temporary or permanent basis. Interruption attacks
often affect availability but can be an attack on integrity as well. In the case of a DoS
attack on a mail server, we would classify this as an availability attack.
Affects Integrity and availability
Modification - ANSWERModification attacks involve tampering with our asset. If we
access a file in an unauthorized manner and alter the data it contains, we have
affected the integrity of the data contained in the file.
Fabrication - ANSWERFabrication attacks involve generating data, processes,
communications, or other similar activities with a system. Fabrication attacks
primarily affect integrity but could be considered an availability attack as well. If we
generate spurious information in a database, this would be considered to be a
fabrication attack.
Affects Integrity and Availability
Threat - ANSWERSomething that has potential to cause harm
Vulnerability - ANSWERWeaknesses that can be used to harm us
Risk - ANSWERLikeliness that something bad will happen
Impact - ANSWERThe value of the asset is used to assess if a risk is present
Something you know - ANSWERPassword or PIN
