Exam 246 Questions with Verified Answers
Protecting data, software, and hardware against unauthorized access, use,
disclosure, disruption, modification, or destruction. - CORRECT ANSWER
Information security
The requirements that are set forth by laws and industry regulations.
e.g., HIPAA/HITECH (healthcare), PCI DSS (payment card industry), FISMA (federal
government agencies) - CORRECT ANSWER Compliance
Disclosure, alteration, and denial - CORRECT ANSWER DAD Triad
The core model of all information security concepts: confidentiality, integrity, and
availability - CORRECT ANSWER CIA Triad
Ability to protect our data from those who are not authorized to view it. -
CORRECT ANSWER Confidential
- Losing a personal laptop with data on it
- A person can watch the password you are entering
- Sending an email attachment to the wrong person
- An attacker penetrating your systems, etc. - CORRECT ANSWER What ways can
confidentiality be compromised?
Keeping data unaltered by accidental or malicious intent - CORRECT ANSWER
Integrity
Prevent unauthorized changes to the data and keep the ability to reverse unwanted
authorized changes.
Via system/file permissions, or by undoing/rolling back undesirable changes. - CORRECT
ANSWER How to maintain integrity?
The ability to access data when needed - CORRECT ANSWER Availability
- Power loss
- Application issues
- Network attacks
- System compromise (DoS) - CORRECT ANSWER Ways availability can be
compromised
Security problem in which users are not able to access an information system; can
be caused by human error, natural disasters, or malicious activity. - CORRECT
ANSWER Denial of Service (DoS)
A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity - CORRECT ANSWER Parkerian hexad model
Refers to the physical disposition of the media on which the data is stored; this
allows you to discuss loss of data via its physical medium. - CORRECT ANSWER
Possession/control
Lost package (encrypted USBs and unencrypted USBs):
possession is an issue because the media are physically lost.
(Unencrypted is compromised via confidentiality and possession; encrypted is
compromised only via possession.) - CORRECT ANSWER Principle of Possession
example
Allows you to say whether you've attributed the data in question to the proper
owner/creator. - CORRECT ANSWER Principle of Authenticity
Sending an email but altering the message so it looks like it came from someone other
than the original sender. - CORRECT ANSWER Ways authenticity can be
compromised
How useful the data is to you.
Ex. Unencrypted data (a lot of utility); encrypted data (little utility). - CORRECT ANSWER
Utility
Broken down by the type of attack, the risk the attack represents, and the controls you
might use to mitigate it. - CORRECT ANSWER Security Attacks
1- interception
2- interruption
3- modification
4- fabrication - CORRECT ANSWER Types of attacks
Attacks that allow unauthorized users to access our data, applications, or
environments.
Primarily an attack against confidentiality - CORRECT ANSWER Interception
Unauthorized file viewing, copying, eavesdropping on phone conversations,
reading someone's emails. - CORRECT ANSWER Interception Attack Examples
Attacks that cause our assets to become unstable or unavailable for our use, on a
temporary or permanent basis.
This attack affects availability but can also attack integrity - CORRECT ANSWER
Interruption
DoS attack on a mail server; availability attack