WGU C725| latest COMPREHENSIVE QUESTIONS
AND WELL DETAILED ANSWERS (100% Correct
solutions) ALREADY GRADED A+
Code of Ethics canons described under 'Protect society, the commonwealth, and the
infrastructure' -CORRECTANSWER 1. Promote and preserve public trust and
confidence in information and systems. 2. Promote the understanding and acceptance
of prudent information security measures. 3. Preserve and strengthen the integrity of the
public infrastructure. 4. Discourage unsafe practices.
Role Based Access Control (RBAC) -CORRECTANSWER A Role Based Access
Control (RBAC) model groups users into roles that mirror the organization's hierarchy
and assigns privileges to the roles rather than to individual users. It is a
nondiscretionary access control model: a central authority, not the owner of each
object, determines which objects subjects can access.
Preventive measures that reduce the potential for a data breach -CORRECTANSWER 1.
Management support for controls 2. Policies based on business objectives 3. A
complete understanding of the types of control required 4. A cost analysis of the
controls weighed against the assessed cost of a potential breach 5. Employee security
education, training, and awareness
Capability tables -CORRECTANSWER A capability table is created for each subject and
identifies the objects that subject can access, together with the subject's authorization
rights on each object, such as read, write, and execute.
ACLs (access control lists) -CORRECTANSWER ACLs (access control lists) are lists of
the subjects that are authorized to access a specific object, with the rights each holds.
access control matrix -CORRECTANSWER An access control matrix is a table of
subjects (rows), objects (columns), and the privileges assigned at each intersection.
Each row of the matrix is one subject's capability table; each column is one object's ACL.
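The three structures above (RBAC, capability tables, ACLs) are the same matrix viewed from different sides. The following is an added example, not part of the study guide: one access control matrix whose rows are roles, with users mapped onto those roles by an administrator. An ACL is a column, a capability table is a row, and an RBAC decision walks the user's roles. All role, user, object and right names are constructed sample data.

```python
"""Added example: an access control matrix read as ACLs, capability tables and RBAC.
Roles, users, objects and rights are constructed sample data, not a real system."""
from typing import Dict, FrozenSet

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]

# Rows: roles (the subjects a central authority grants rights to).
# Columns: objects. Cells: the privileges that role holds on that object.
ROLE_MATRIX: Matrix = {
    "payroll_clerk": {"payroll.db": frozenset({"read", "write"})},
    "auditor":       {"payroll.db": frozenset({"read"}),
                      "audit.log": frozenset({"read"})},
    "operator":      {"backup.sh": frozenset({"read", "execute"}),
                      "audit.log": frozenset({"write"})},
}

# Nondiscretionary: users do not choose their own rights. An administrator
# places them in roles that mirror the organisation's structure.
USER_ROLES: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"payroll_clerk"}),
    "bob":   frozenset({"auditor"}),
    "carol": frozenset({"operator", "auditor"}),
}


def acl_for(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """ACL = one column of the matrix: every subject authorised on this object."""
    return {subj: cells[obj] for subj, cells in matrix.items() if obj in cells}


def capability_table_for(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """Capability table = one row: every object this subject may touch, with rights."""
    return dict(matrix.get(subject, {}))


def role_permits(matrix: Matrix, role: str, obj: str, right: str) -> bool:
    """Default deny: a right exists only if the cell explicitly lists it."""
    return right in matrix.get(role, {}).get(obj, frozenset())


def user_permitted(matrix: Matrix, users: Dict[str, FrozenSet[str]],
                   user: str, obj: str, right: str) -> bool:
    """RBAC decision: allowed if any role the user holds grants the right."""
    return any(role_permits(matrix, role, obj, right)
               for role in users.get(user, frozenset()))


def revoke_object(matrix: Matrix, obj: str) -> Matrix:
    """Drop an object everywhere. Cheap in an ACL world: it is one column."""
    return {subj: {o: r for o, r in cells.items() if o != obj}
            for subj, cells in matrix.items()}


def remove_subject(matrix: Matrix, subject: str) -> Matrix:
    """Drop a subject everywhere. Cheap in a capability world: it is one row."""
    return {subj: dict(cells) for subj, cells in matrix.items() if subj != subject}


if __name__ == "__main__":
    print("ACL for payroll.db:", acl_for(ROLE_MATRIX, "payroll.db"))
    print("Capabilities of operator:", capability_table_for(ROLE_MATRIX, "operator"))
    print("carol may write audit.log?",
          user_permitted(ROLE_MATRIX, USER_ROLES, "carol", "audit.log", "write"))
```

The two revocation helpers show why the exam cares which view a system stores: answering "who can touch this object" or revoking an object is a column walk (natural for ACLs), while answering "what can this subject touch" or removing a subject is a row walk (natural for capability tables).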
Aggregation -CORRECTANSWER Aggregation is the process by which a user collects
and combines information from various sources to obtain a complete picture. Each
individual piece of information is correctly classified on its own, but the combination is
more sensitive than any of its parts. A user can therefore combine information available
at a lower privilege level to reconstruct information that is classified at a higher level.
inference attacks -CORRECTANSWER In an inference attack the subject deduces the
complete information about an object from the bits of information collected through
aggregation. Inference is therefore the ability of a subject to derive implicit information
that was never released directly. A protection mechanism that limits inference in
statistical database queries is to require a minimum query set size while also
prohibiting queries that cover all but one (or all but a few) of the records in the
database, since the difference between such a query and a query over the whole table
reveals a single record.
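As an added example, not from the study guide, the following toy statistical database answers SUM over a filter and enforces both controls named above. It shows the naive "all minus all-but-one" inference being refused, and it goes one step beyond the text by showing a tracker-style attack that still succeeds under those controls alone, which is why real systems add query logging, cell suppression or noise. The employee records and the threshold are constructed sample data.

```python
"""Added example: query-set-size controls on a statistical database, and why they are
not sufficient on their own. Records and threshold are constructed sample data."""
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]

# Constructed sample data: the attacker wants one person's salary, which no
# query is permitted to return directly.
EMPLOYEES: List[Record] = [
    {"name": "Ann",  "dept": "eng",   "salary": 90_000},
    {"name": "Ben",  "dept": "eng",   "salary": 85_000},
    {"name": "Cal",  "dept": "sales", "salary": 70_000},
    {"name": "Dana", "dept": "sales", "salary": 120_000},
    {"name": "Eve",  "dept": "ops",   "salary": 65_000},
]

MIN_QUERY_SET = 2  # assumed threshold: a query must match at least this many rows
                   # and at most N - MIN_QUERY_SET, so "all but one" is refused too


def sum_salary(records: List[Record], predicate: Callable[[Record], bool],
               enforce: bool = True) -> Optional[int]:
    """Statistical SUM. Returns None when the query set is too small or so large
    that its complement would be too small (the "all but one" rule)."""
    matched = [r for r in records if predicate(r)]
    n = len(records)
    if enforce and not (MIN_QUERY_SET <= len(matched) <= n - MIN_QUERY_SET):
        return None
    return sum(int(r["salary"]) for r in matched)


def infer_salary_naive(records: List[Record], target: str,
                       enforce: bool = True) -> Optional[int]:
    """SUM(all) - SUM(all except target) = target's salary.
    Both queries are refused when the size rules are enforced."""
    total = sum_salary(records, lambda r: True, enforce)
    rest = sum_salary(records, lambda r: r["name"] != target, enforce)
    if total is None or rest is None:
        return None
    return total - rest


def infer_salary_tracker(records: List[Record]) -> Optional[int]:
    """Tracker attack: two queries that each satisfy the size rules but differ
    by exactly one record (here the only 'ops' employee). Both are answered,
    and the difference is that person's salary. Size limits alone do not stop this."""
    with_ops = sum_salary(records, lambda r: r["dept"] in ("eng", "ops"))
    without_ops = sum_salary(records, lambda r: r["dept"] == "eng")
    if with_ops is None or without_ops is None:
        return None
    return with_ops - without_ops


if __name__ == "__main__":
    print("direct query refused:", sum_salary(EMPLOYEES, lambda r: r["name"] == "Dana"))
    print("naive inference, no controls:", infer_salary_naive(EMPLOYEES, "Dana", enforce=False))
    print("naive inference, controls on:", infer_salary_naive(EMPLOYEES, "Dana"))
    print("tracker still leaks:", infer_salary_tracker(EMPLOYEES))
```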
Polyinstantiation -CORRECTANSWER Polyinstantiation, also known as data
contamination, is used to conceal classified information that exists in a database and to
fool intruders. Polyinstantiation ensures that users with a lower access level are not able
to access or modify data categorized for a higher level of access in a multilevel
database, and it can be used to reduce inference violations. When polyinstantiation is
implemented, two rows are created with the same primary key. One row holds incorrect
(cover) information and is labeled unclassified; the other holds the original classified
information. When a user with lower privileges accesses that key, the user is directed to
the row containing the incorrect information, and a lower-level insert or update never
overwrites the higher-level row. Polyinstantiation is therefore concerned with the same
primary key existing at different classification levels in the same database.
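The following is an added example, not from the study guide: a tiny multilevel relation in which the classification level is part of the row key, so the same primary key can exist once per level. A read returns the row at the highest level the reader is cleared for, a lower-level write creates a second instance instead of touching the higher row, and a "strict" insert without polyinstantiation shows the inference channel the technique closes. The levels, the ship manifest rows and the values are constructed sample data.

```python
"""Added example: polyinstantiation in a multilevel table. Levels, keys and row
contents are constructed sample data."""
from typing import Dict, Optional, Tuple

# Assumed two-level lattice; real systems have more levels and compartments.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "SECRET": 1}

Row = Dict[str, str]


class MultilevelTable:
    def __init__(self) -> None:
        # The classification level is part of the key, so "Vigilant" can exist
        # once at UNCLASSIFIED and once at SECRET without conflict.
        self.rows: Dict[Tuple[str, str], Row] = {}

    def insert(self, level: str, key: str, **fields: str) -> None:
        """Polyinstantiated write: always lands at the writer's own level and
        never overwrites a row at a different level."""
        self.rows[(key, level)] = {"key": key, "level": level, **fields}

    def read(self, level: str, key: str) -> Optional[Row]:
        """Return the most sensitive instance the reader is cleared to see.
        A lower-level reader gets the cover row and cannot tell a higher one exists."""
        clearance = LEVELS[level]
        visible = [row for (k, lvl), row in self.rows.items()
                   if k == key and LEVELS[lvl] <= clearance]
        if not visible:
            return None
        return max(visible, key=lambda row: LEVELS[row["level"]])

    def instances(self, key: str) -> int:
        """How many classification levels hold a row for this key."""
        return sum(1 for (k, _) in self.rows if k == key)

    def insert_strict(self, level: str, key: str, **fields: str) -> bool:
        """What happens WITHOUT polyinstantiation: one row per key at any level.
        Refusing the insert tells a low-level user that a higher-level row exists,
        which is exactly the inference leak polyinstantiation prevents."""
        if any(k == key for (k, _) in self.rows):
            return False
        self.insert(level, key, **fields)
        return True


def build_sample() -> MultilevelTable:
    """Constructed scenario: a SECRET manifest row, then an UNCLASSIFIED cover row
    for the same ship written later by a low-clearance clerk."""
    table = MultilevelTable()
    table.insert("SECRET", "Vigilant", destination="Port Alpha", cargo="missiles")
    table.insert("UNCLASSIFIED", "Vigilant", destination="Lisbon", cargo="grain")
    return table


if __name__ == "__main__":
    t = build_sample()
    print("UNCLASSIFIED sees:", t.read("UNCLASSIFIED", "Vigilant"))
    print("SECRET sees:      ", t.read("SECRET", "Vigilant"))
    print("instances of key: ", t.instances("Vigilant"))
```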
Scavenging -CORRECTANSWER Scavenging, also referred to as browsing, is looking for
information without knowing its format: searching the data residue left in a system, such
as freed memory, unallocated disk space, and temporary files, to gain unauthorized
knowledge of sensitive data.
Identification -CORRECTANSWER Identification is the method by which a user or
process claims who they are. It involves supplying a user name, account number, or
some other form of identifier, and it is only a claim: it is the means by which a subject
asserts an identity to a system, not proof of that identity.
Authentication -CORRECTANSWER Authentication is the process of being recognized
by a system. It involves supplying a second piece of information, such as a password,
that is checked against what the system has stored (ideally a salted hash of the
password rather than the password itself). If the supplied evidence matches the stored
information, the subject is authenticated. It is the testing or reconciliation of evidence of
a user's identity.
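Added example, not from the study guide, showing the two steps separately: identification maps a claimed name to an account, authentication then tests the evidence. Passwords are stored as salted PBKDF2-HMAC-SHA256 verifiers and compared in constant time, and a lookup for an unknown user still performs a hash so that the response time does not reveal which names exist. The user store and the iteration count are constructed assumptions.

```python
"""Added example: identification versus authentication against a stored verifier.
The user store, passwords and iteration count are constructed sample values."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000  # assumed work factor; tune to the deployment's CPU budget
Verifier = Tuple[bytes, bytes]  # (salt, pbkdf2 digest)


def make_verifier(password: str, salt: Optional[bytes] = None) -> Verifier:
    """Derive a stored verifier. A fresh random salt per user defeats
    precomputed (rainbow) tables and makes identical passwords hash differently."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


# Constructed sample user store: the plaintext is never kept, only the verifier.
USERS: Dict[str, Verifier] = {
    "alice": make_verifier("correct horse battery staple"),
    "bob":   make_verifier("hunter2"),
}

# Verifier used when the claimed user does not exist, so the failure path
# costs the same as a real check (no user-enumeration timing side channel).
DUMMY: Verifier = make_verifier("dummy-password-for-timing")


def identify(claimed: str) -> Optional[str]:
    """Identification: accept the claim only as a pointer to an account."""
    return claimed if claimed in USERS else None


def authenticate(claimed: str, password: str) -> bool:
    """Authentication: recompute the verifier with the stored salt and compare
    in constant time. Returns True only for a known user with the right password."""
    user = identify(claimed)
    salt, stored = USERS.get(user, DUMMY) if user is not None else DUMMY
    _, candidate = make_verifier(password, salt)
    matched = hmac.compare_digest(candidate, stored)
    return user is not None and matched


if __name__ == "__main__":
    print("identify alice:", identify("alice"))
    print("identify mallory:", identify("mallory"))
    print("alice / right password:", authenticate("alice", "correct horse battery staple"))
    print("alice / bob's password:", authenticate("alice", "hunter2"))
```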
Components of the Common Criteria protection profile -CORRECTANSWER A
protection profile (PP) contains a set of security requirements, both functional and
assurance, for a class of product, together with the rationale behind those requirements
and the evaluation assurance level (EAL) the product is expected to meet. The assumed
operating environment, the expected functionality, the assurance level, and the security
objectives are all stated in the PP, and the product is evaluated against it as a Target of
Evaluation (TOE) for a target rating. Evaluation tests are performed for the targeted
rating, and the results are verified before the EAL is awarded to the product. The main
components of a protection profile are the TOE description, the threats to the product
that must be addressed, and the security objectives, followed by the security
requirements and the rationale that ties them together.
RADIUS -CORRECTANSWER RADIUS is an AAA protocol that provides authentication,
authorization, and accounting services. It centralizes authentication for remote access:
each network access server (originally a dial-up server) forwards the user's credentials
to a central RADIUS server over UDP, protected by a shared secret. It is used when an
organization has more than one remote access server.
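As an added example, not from the study guide, the block below builds and parses a RADIUS Access-Request the way RFC 2865 lays it out: a 20-byte header (code, identifier, length, 16-byte authenticator) followed by type-length-value attributes, with the User-Password attribute hidden by XOR against MD5(shared secret + previous block). It also performs the client-side check of the Response Authenticator on an Access-Accept. The shared secret, user name, password, NAS address and request authenticator are constructed sample values.

```python
"""Added example: RFC 2865 Access-Request encoding, User-Password hiding and
Response Authenticator verification. All secrets and identities are constructed."""
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-octet blocks (minimum 16), then XOR block i
    with MD5(secret + c[i-1]), where c[-1] is the Request Authenticator."""
    padded_len = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs: List[Tuple[int, bytes]]) -> bytes:
    """Each attribute is type(1) + length(1, including these two bytes) + value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes) -> List[Tuple[int, bytes]]:
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident: int, secret: bytes, username: bytes, password: bytes,
                         authenticator: Optional[bytes] = None) -> bytes:
    """Client side: random Request Authenticator, hidden password, constructed NAS IP."""
    ra = authenticator if authenticator is not None else os.urandom(16)
    attrs = encode_attrs([
        (USER_NAME, username),
        (USER_PASSWORD, hide_password(password, secret, ra)),
        (NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),  # constructed documentation address
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(attrs)) + ra + attrs


def parse_packet(pkt: bytes) -> Dict[str, object]:
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < HEADER_LEN or length != len(pkt):
        raise ValueError("bad packet length")
    return {"code": code, "id": ident, "authenticator": pkt[4:HEADER_LEN],
            "attrs": decode_attrs(pkt[HEADER_LEN:length])}


def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_access_accept(ident: int, secret: bytes, request_auth: bytes, attrs: bytes = b"") -> bytes:
    auth = response_authenticator(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, HEADER_LEN + len(attrs)) + auth + attrs


def verify_response(pkt: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: a reply is only trusted if its authenticator was computed
    with the shared secret over this exact packet and our request authenticator."""
    p = parse_packet(pkt)
    expected = response_authenticator(int(p["code"]), int(p["id"]), pkt[HEADER_LEN:],
                                      request_auth, secret)
    return hmac.compare_digest(expected, bytes(p["authenticator"]))
```

Note what the hiding does and does not provide: it keys the obfuscation to the shared secret, but the Access-Request itself carries no integrity check unless a Message-Authenticator attribute is added, and the whole scheme rests on MD5. That is why RADIUS is deployed on trusted management networks or wrapped in IPsec or RadSec (RADIUS over TLS) rather than exposed directly.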
Which policies provide protection against remote maintenance PBX attacks? -
CORRECTANSWER 1. Turn off the remote maintenance features when not needed. 2.
Use strong authentication on the remote maintenance ports. 3. Keep PBX terminals in a
locked, restricted area. 4. Replace or disable embedded logins and passwords.