WGU Fundamentals of Information Security -
C836 Questions with Detailed Verified
Answers
CIA Triad Ans: Confidentiality, Integrity, Availability:
Essentially the balance between IT Security (Confidentiality and
Integrity) and Business Need (Availability).
CIA Triad - Confidentiality Ans: Addresses the importance of data
security. Data should not be exposed or accessible to parties other than
those who are authorized to interact with it.
An example of upholding the standards of this principle: Creating
authentication, authorization, and access controls to control who has
access to what information, and how each individual with access can
interact with that information.
CIA Triad - Integrity Ans: This principle mandates that data should not
be tampered with or modified in such a way as to compromise the
reliability of the information.
An example of upholding the standards of this principle: Hashing or
encrypting data as it's in transit or at rest to monitor the information for
unauthorized changes or prevent attackers from accessing the data.
CIA Triad - Availability Ans: This principle focuses on the need for
businesses to balance the principles of _____________ and
_____________, whilst also allowing authorized parties to access and
interact with data.
Parkerian Hexad - Ans: A less well-known model named after Donn
Parker. Provides a somewhat more complex variation of the classic CIA
triad.
Consists of six principles:
Confidentiality
Integrity
Authenticity
Utility
Possession
Availability
Parkerian Hexad - Confidentiality Ans: Refers to our ability to protect
our data from those who are not authorized to view it. Can be
implemented at many levels of a process.
Parkerian Hexad - Integrity Ans: The ability to prevent people from
changing your data in an unauthorized or undesirable manner. To
maintain this principle, not only do you need to have the means to
prevent unauthorized changes to your data, but you need the ability to
reverse unwanted authorized changes.
The difference between this Parkerian version and the CIA version: The
data must be whole and completely unchanged from its previous state.
Parkerian Hexad - Authenticity Ans: This principle allows you to say
whether you've attributed the data in question to the proper owner or
creator.
For example:
If you send an email message that is altered so that it appears to have
come from a different email address than the one from which it was
actually sent, you would be violating the ___________ of the email.
Parkerian Hexad - Utility Ans: Refers to how useful the data is to you.
This is the only principle of the Parkerian hexad that is not necessarily
binary in nature; you can have a variety of degrees of _______,
depending on the data and its format.
For example:
If we lost a shipment of backup tapes, some encrypted and some not, an
attacker or other unauthorized person would consider the encrypted
tapes to be of very little ______, as the data would not be readable.
However, the unencrypted tapes would be of much greater ________, as
the attacker or unauthorized person would be able to access the data.
Parkerian Hexad - Possession (Control) Ans: Refers to the physical
disposition of the media on which the data is stored. This enables you to
discuss your loss of the data in its physical medium without involving
other factors such as availability.
For example:
If we lost a shipment of backup tapes, some encrypted and some not, we
could use this principle to describe the scope of the incident more
accurately: the encrypted tapes in the lot cause a possession problem,
but not a confidentiality problem, while the unencrypted tapes cause a
problem on both counts.
Parkerian Hexad - Availability Ans: The ability to access our data when
we need it.
Attacks - Interception Ans: These attacks allow unauthorized users to
access your data, applications, or environments, and they are primarily
attacks against confidentiality.
May take the form of unauthorized file viewing or copying, eavesdropping
on phone conversations, or reading someone else's email, and you can
conduct it against data at rest or in motion.
When executed properly, these attacks can be quite difficult to detect.
Attacks - Interruption Ans: These attacks make your assets unusable or
unavailable to you on a temporary or permanent basis.
Often affect availability but can also affect integrity. A DoS or
DDoS attack would be considered an availability attack. On the other
hand, if an attacker manipulated the processes on which a database runs
to prevent access to the data it contains, you might consider this an