FUNDAMENTALS OF INFORMATION
SECURITY LATEST OVER 200 EXAM
QUESTIONS AND VERIFIED ANSWERS
Which type of system is considered absolutely secure? - Answer A system that is
shut off and disconnected from all networks.
Which concept of the CIA Triad is associated with reliability? - Answer Integrity
A malicious actor has breached the firewall with a reverse shell. Which side of the
CIA triad is most affected? - Answer Confidentiality
A user changes a number in a dataset with a typo. Which side of the CIA triad is
most affected? - Answer Integrity
What is an example of identification? - Answer Username
What are three forms of authentication? Choose three answers. - Answer 4 digit
pin. Text of 6-digit number to phone. Fingerprint.
What is an example of identification? - Answer Email Address
What is an example of authentication? User name? Mother's maiden name? Write
access? Or email address? - Answer mother's maiden name
What is the final step in allowing access to resources? - Answer Authorization
Which example demonstrates access control? - Answer Locking and unlocking the
doors of your house.
Which type of access control model is a CAPTCHA an example of? - Answer
Attribute-based
What is a sandbox? - Answer An isolated environment that protects a set of
resources
Which characteristic falls under accountability? Utility? Interruption? Integrity?
Identity? - Answer Identity
Which tool is used for vulnerability assessment? - Answer Qualys
Which standards apply to any financial entity policies? - Answer Gramm-Leach-Bliley
What company audits other companies for licensing requirements? - Answer BSA
Which term is synonymous with symmetric cryptography? - Answer Secret key
cryptography
Which term is synonymous with asymmetric cryptography? - Answer Public key
cryptography
What are hash functions used for? - Answer Determining whether the message has
changed
Which method is used to protect data at rest? - Answer Encryption
Which type of compliance is achieved by law? - Answer Regulatory
Which type of compliance is achieved by stakeholder agreement? - Answer
Industry
Which two types of compliance are laws? Privacy Act? GDPR? HIPAA? Least
privilege? - Answer Privacy Act and HIPAA
What act deals with the online privacy of minors under 13? - Answer COPPA
What protects students at certain educational institutions? - Answer FERPA
What is the disadvantage of logging? - Answer Resources
Which cryptographic algorithm is obsolete? - Answer Caesar cipher
Which two laws protect the privacy of medical records and electronic health care
information? - Answer HIPAA and HITECH
What jurisdiction does the General Data Protection Regulation regulate? - Answer
The European Union
What are two acts that regulate health care in the United States? Choose two
answers. - Answer HIPAA and HITECH
Which act regulates the United States Department of Education? - Answer FERPA
Which act regulates federal departments in the United States? - Answer FISMA
Which act regulates customer privacy in the finance industry? - Answer GLBA
Which act regulates reporting of publicly traded companies? - Answer SOX
What is one of the three states of data? - Answer Data at rest, Data in motion, Data
in process
Which type of algorithm is a symmetric key? ECC? RSA? SHA? or DES? - Answer
DES
Which type of algorithm is an asymmetric key? ECC? MD5? SHA? or DES? -
Answer ECC