Verified Answers.
CIA Triad correct answers Confidentiality, Integrity, Availability:
Essentially the balance between IT Security (Confidentiality and Integrity) and Business Need
(Availability).
CIA Triad - Confidentiality correct answers Addresses the importance of data security. Data
should not be exposed or accessible to parties other than those who are authorized to interact
with it.
An example of upholding the standards of this principle: Creating authentication, authorization,
and access controls to control who has access to what information, and how each individual with
access can interact with that information.
CIA Triad - Integrity correct answers This principle mandates that data should not be tampered
with or modified in such a way as to compromise the reliability of the information.
An example of upholding the standards of this principle: Hashing or encrypting data as it's in
transit or at rest to monitor the information for unauthorized changes or prevent attackers from
accessing the data.
CIA Triad - Availability correct answers This principle focuses on the need for businesses to
balance the principles of _____________ and _____________, whilst also allowing authorized
parties to access and interact with data.
Information Security (InfoSec) correct answers
Parkerian Hexad - correct answers A less well-known model named after Donn Parker. Provides
a somewhat more complex variation of the classic CIA triad.
Consists of six principles:
Confidentiality
Integrity
Authenticity
Utility
Possession
Availability
Parkerian Hexad - Confidentiality correct answers Refers to our ability to protect our data from
those who are not authorized to view it. Can be implemented at many levels of a process.
Parkerian Hexad - Integrity correct answers The ability to prevent people from changing your
data in an unauthorized or undesirable manner. To maintain this principle, not only do you need
to have the means to prevent unauthorized changes to your data, but you need the ability to
reverse unwanted authorized changes.
The difference between this Parkerian version and the CIA version: The data must be whole and
completely unchanged from its previous state.
Parkerian Hexad - Authenticity correct answers This principle allows you to say whether you've
attributed the data in question to the proper owner or creator.
For example:
If you send an email message that is altered so that it appears to have come from a different
email address than the one from which it was actually sent, you would be violating the
___________ of the email.
Parkerian Hexad - Utility correct answers Refers to how useful the data is to you. This is the only
principle of the Parkerian hexad that is not necessarily binary in nature; you can have a variety of
degrees of _______, depending on the data and its format.
For example:
If we lost a shipment of backup tapes, some encrypted and some not, an attacker or other
unauthorized person would consider the encrypted tapes to be of very little ______, as the data
would not be readable. However, the unencrypted tapes would be of much greater ________, as
the attacker or unauthorized person would be able to access the data.
Parkerian Hexad - Possession (Control) correct answers Refers to the physical disposition of the
media on which the data is stored. This enables you to discuss your loss of the data in its physical
medium without involving other factors such as availability.
For example:
If we lost a shipment of backup tapes, some encrypted and some not, we could use this principle
to describe the scope of the incident more accurately: the encrypted tapes in the lot cause a
possession problem, but not a confidentiality problem, while the unencrypted tapes cause a
problem on both counts.
Parkerian Hexad - Availability correct answers The ability to access our data when we need it.
Attacks - Interception correct answers These attacks allow unauthorized users to access your
data, applications, or environments, and they are primarily attacks against confidentiality.
May take the form of unauthorized file viewing or copying, eavesdropping on phone
conversations, or reading someone else's email, and you can conduct it against data at rest or in
motion.
When executed properly, these attacks can be quite difficult to detect.
Attacks - Interruption correct answers These attacks make your assets unusable or unavailable to
you on a temporary or permanent basis.
Often affect availability but can affect integrity as well. A DoS or DDoS attack would be
considered an availability attack. On the other hand, if an attacker manipulated the processes on
which a database runs to prevent access to the data it contains, you might consider this an
integrity attack because of the possible loss or corruption of data. It could even be considered a
combination of the two.
Can also be considered a modification attack in certain contexts.
Attacks - Modification correct answers These attacks involve tampering with an asset.
Such attacks might primarily be considered attacks on integrity, but could also represent attacks
on availability.
If you access a file in an unauthorized manner and alter the data it contains, you've affected the
integrity of the file's data. However, if the file in question is a configuration file that manages
how a service behaves (perhaps one that is acting as a web server), changing the contents of the
file might affect the availability of that service. If the configuration you altered in the file for
your web server changes how the server deals with encrypted connections, you could even call
this a confidentiality attack.
Attacks - Fabrication correct answers These attacks involve generating data, processes,
communications, or other similar material with a system. Like modification and interruption
attacks, these attacks primarily affect integrity but could affect availability as well.
Generating fake information in a database would be a kind of __________ attack. You could also
generate email, a common method for propagating malware. If you generated enough additional
processes, network traffic, email, web traffic, or nearly anything else that consumes resources,