Questions and Correct Answers (Latest Updated)
CIA Triad - CORRECT ANSWERS Confidentiality, Integrity, Availability
Parkerian hexad - CORRECT ANSWERS Where the CIA triad consists of
confidentiality, integrity, and availability, the Parkerian hexad consists of these
three principles, as well as possession or control, authenticity, and utility
Confidentiality - CORRECT ANSWERS Refers to our ability to protect our data
from those who are not authorized to view it.
Confidentiality can be compromised by the loss of a laptop containing data, a
person looking over our shoulder while we type a password, an e-mail
attachment being sent to the wrong person, an attacker penetrating our
systems, or similar issues.
Integrity - CORRECT ANSWERS Refers to the ability to prevent our data from
being changed in an unauthorized or undesirable manner. This could mean the
unauthorized change or deletion of our data or portions of our data, or it could
mean an authorized, but undesirable, change or deletion of our data. To
maintain integrity, we not only need to have the means to prevent unauthorized
changes to our data but also need the ability to reverse authorized changes that
need to be undone.
Availability - CORRECT ANSWERS Refers to the ability to access our data when
we need it. Loss of availability can refer to a wide variety of breaks anywhere in
the chain that allows us access to our data. Such issues can result from power
loss, operating system or application problems, network attacks, compromise
of a system, or other problems. When such issues are caused by an outside
party, such as an attacker, they are commonly referred to as a denial of service
(DoS) attack.
Possession or Control - CORRECT ANSWERS Refers to the physical
disposition of the media on which the data is stored. This lets us discuss the
loss of the data in its physical medium without involving other factors such as
availability.
An example is data stored on multiple devices, possibly in numerous versions:
losing one of those devices is a loss of possession of that copy even if the data
remains available elsewhere.
Authenticity - CORRECT ANSWERS Attribution as to the owner or creator of the
data in question.
Authenticity can be enforced through the use of digital signatures.
Utility - CORRECT ANSWERS Refers to how useful the data is to us.
Interception - CORRECT ANSWERS Interception attacks allow unauthorized
users to access our data, applications, or environments and are primarily an
attack against confidentiality. Interception might take the form of unauthorized
file viewing or copying, eavesdropping on phone conversations, or reading e-
mail, and can be conducted against data at rest or in motion. Properly executed,
interception attacks can be very difficult to detect.
Affects Confidentiality
Interruption - CORRECT ANSWERS Interruption attacks cause our assets to
become unusable or unavailable for our use, on a temporary or permanent
basis. Interruption attacks often affect availability but can be an attack on
integrity as well. In the case of a DoS attack on a mail server, we would classify
this as an availability attack.
Affects Integrity and availability
Modification - CORRECT ANSWERS Modification attacks involve tampering
with our asset. If we access a file in an unauthorized manner and alter the data it
contains, we have affected the integrity of the data contained in the file.
Affects Integrity
Fabrication - CORRECT ANSWERS Fabrication attacks involve generating data,
processes, communications, or other similar activities within a system.
Fabrication attacks primarily affect integrity but could be considered an
availability attack as well. If we generate spurious information in a database,
this would be considered to be a fabrication attack.
Affects Integrity and Availability
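The Authenticity entry above says authenticity can be enforced with digital signatures, and the Modification and Fabrication entries describe the attacks a signature is meant to catch. The following Go program is an added example, not part of the original study guide: it signs a constructed sample record with Ed25519 (the key pair, the record text and the function names are assumptions for the demo), then shows that verification succeeds for the genuine record, fails when the payload is modified after signing, and fails when an impostor fabricates a record under a key the verifier does not trust.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedRecord bundles a payload with the signature its creator produced over
// it. The signature attributes the data to the holder of the private key
// (authenticity) and stops verifying on any change to the payload (integrity).
type SignedRecord struct {
	Payload   []byte
	Signature []byte
}

// Sign attributes payload to the holder of priv.
func Sign(priv ed25519.PrivateKey, payload []byte) SignedRecord {
	return SignedRecord{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Verify reports whether rec was signed by the owner of pub and has not been
// altered since. A tampered payload and a signature from another key both fail.
func Verify(pub ed25519.PublicKey, rec SignedRecord) bool {
	return ed25519.Verify(pub, rec.Payload, rec.Signature)
}

// Demo walks through the three cases and returns the verification results in
// order: genuine record, modified record, record fabricated by another signer.
func Demo() (genuine, modified, wrongSigner bool, err error) {
	authorPub, authorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, impostorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}

	// Constructed sample record for the demo, not data from any real system.
	rec := Sign(authorPriv, []byte("transfer 100 to acct 42"))
	genuine = Verify(authorPub, rec)

	// Modification attack: the payload is altered after it was signed.
	tampered := rec
	tampered.Payload = []byte("transfer 900 to acct 42")
	modified = Verify(authorPub, tampered)

	// Fabrication attack: a different party creates a record and signs it with
	// its own key, hoping it will be accepted as the author's.
	forged := Sign(impostorPriv, []byte("transfer 100 to acct 42"))
	wrongSigner = Verify(authorPub, forged)
	return
}

func main() {
	g, m, w, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v modified=%v wrongSigner=%v\n", g, m, w)
}
```

The verifier needs only the author's public key, so the check works for data at rest or in motion; what it cannot tell you is whether the author's private key itself has been stolen, which is why key custody is part of the authenticity story.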
Threat - CORRECT ANSWERS Something that has the potential to cause harm.
Vulnerability - CORRECT ANSWERS A weakness that a threat can use to harm us.
Risk - CORRECT ANSWERS The likelihood that something bad will happen. A risk
exists only when a threat and a matching vulnerability are both present.
Impact - CORRECT ANSWERS The value of the affected asset, used to assess
whether a risk is present: a threat against an asset that has no value to us
poses no real risk.
Something you know - CORRECT ANSWERS Password or PIN
Something you are - CORRECT ANSWERS An authentication factor using
biometrics, such as a fingerprint scanner.
Something you have - CORRECT ANSWERS Authentication factor that relies on
possession (FOB, Card, Cell Phone, Key)
Something you do - CORRECT ANSWERS An authentication factor indicating
action, such as gestures on a touch screen.
Multifactor Authentication - CORRECT ANSWERS Requires two or more
authentication factors from different categories (for example, something you
know plus something you have) before granting access. Two methods from the
same category, such as a password and a PIN, are not multifactor.
Mutual Authentication - CORRECT ANSWERS A security mechanism that
requires each party in a communication to verify the other's identity.
Can be combined with multifactor authentication.
In mutual authentication, not only does the client authenticate to the server, but
the server authenticates to the client as well. Mutual authentication is often
implemented through the use of digital certificates: both the client and the
server hold a certificate, and each uses the other's to authenticate it.
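The certificate-based exchange described above, as an added example that is not part of the original study guide: a Go program that runs a TLS handshake over an in-memory pipe in which the server requires and verifies a client certificate while the client verifies the server's. The self-signed certificates, the names server.example and client.example, and the MutualHandshake helper are assumptions for the demo; each side is configured to trust the other's certificate directly in place of a CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned issues a throwaway self-signed certificate for name with the
// given extended key usage (server or client authentication).
func selfSigned(name string, eku x509.ExtKeyUsage) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// MutualHandshake runs one TLS handshake over net.Pipe. It returns the identity
// each side verified for its peer, or an error if either side rejected the other.
func MutualHandshake(serverCert, clientCert tls.Certificate, clientPresentsCert bool) (serverSawClient, clientSawServer string, err error) {
	trustClient := x509.NewCertPool()
	trustClient.AddCert(clientCert.Leaf)
	trustServer := x509.NewCertPool()
	trustServer.AddCert(serverCert.Leaf)

	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert, // server authenticates the client
		ClientCAs:    trustClient,
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12, // pinned so a rejection surfaces inside Handshake on both sides
	}
	clientCfg := &tls.Config{
		RootCAs:    trustServer, // client authenticates the server
		ServerName: "server.example",
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS12,
	}
	if clientPresentsCert {
		clientCfg.Certificates = []tls.Certificate{clientCert}
	}

	c1, c2 := net.Pipe()
	defer c1.Close()
	defer c2.Close()
	deadline := time.Now().Add(3 * time.Second) // guard against a stalled handshake
	c1.SetDeadline(deadline)
	c2.SetDeadline(deadline)

	srv := tls.Server(c1, serverCfg)
	cli := tls.Client(c2, clientCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cliErr := cli.Handshake()
	if e := <-srvErr; e != nil {
		return "", "", fmt.Errorf("server rejected client: %w", e)
	}
	if cliErr != nil {
		return "", "", fmt.Errorf("client rejected server: %w", cliErr)
	}
	serverSawClient = srv.ConnectionState().PeerCertificates[0].Subject.CommonName
	clientSawServer = cli.ConnectionState().PeerCertificates[0].Subject.CommonName
	return serverSawClient, clientSawServer, nil
}

func main() {
	serverCert, err := selfSigned("server.example", x509.ExtKeyUsageServerAuth)
	if err != nil {
		panic(err)
	}
	clientCert, err := selfSigned("client.example", x509.ExtKeyUsageClientAuth)
	if err != nil {
		panic(err)
	}
	s, c, err := MutualHandshake(serverCert, clientCert, true)
	fmt.Println("with client cert:   ", s, c, err)
	_, _, err = MutualHandshake(serverCert, clientCert, false)
	fmt.Println("without client cert:", err)
}
```

The setting that turns ordinary TLS into mutual authentication is ClientAuth: tls.RequireAndVerifyClientCert together with a ClientCAs pool; with the Go default (NoClientCert) the server would accept the second connection even though the client never proves who it is.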
Biometric: Universality - CORRECT ANSWERS How commonly the characteristic
is found among the people we expect to enroll in the system.
Biometric: Uniqueness - CORRECT ANSWERS Measure of how unique a
particular characteristic is among individuals
Biometric: Permanence - CORRECT ANSWERS How well a particular
characteristic resists change over time and with advancing age.
Biometric: Collectability - CORRECT ANSWERS How easy it is to acquire a
characteristic with which we can later authenticate a user
Biometric: Performance - CORRECT ANSWERS Set of metrics that judge how
well a given system functions. Such factors include speed, accuracy, and error
rate
Biometric: Acceptability - CORRECT ANSWERS A measure of how acceptable
the particular characteristic is to the users of the system
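The Performance entry above lists error rate among the metrics for judging a biometric system. As an added example that is not part of the original study guide, the Go program below computes the two error rates practitioners actually tune against, the false accept rate (impostor comparisons wrongly accepted) and the false reject rate (genuine comparisons wrongly rejected), for a chosen match threshold, and finds the threshold at which they are closest. The comparison scores are constructed sample data, and the type and function names are assumptions for the demo.

```go
package main

import (
	"fmt"
	"math"
)

// Score is one comparison between a presented sample and an enrolled
// template. Genuine is true when both belong to the same person.
type Score struct {
	Value   float64
	Genuine bool
}

// ErrorRates evaluates a threshold: a comparison is accepted when its score is
// at least threshold. FAR is the fraction of impostor comparisons accepted;
// FRR is the fraction of genuine comparisons rejected.
func ErrorRates(scores []Score, threshold float64) (far, frr float64) {
	var impostors, falseAccepts, genuines, falseRejects int
	for _, s := range scores {
		if s.Genuine {
			genuines++
			if s.Value < threshold {
				falseRejects++
			}
		} else {
			impostors++
			if s.Value >= threshold {
				falseAccepts++
			}
		}
	}
	if impostors > 0 {
		far = float64(falseAccepts) / float64(impostors)
	}
	if genuines > 0 {
		frr = float64(falseRejects) / float64(genuines)
	}
	return far, frr
}

// EqualErrorThreshold tries every observed score as a threshold and returns
// the one where FAR and FRR are closest, the usual single-number summary of
// accuracy. Raising the threshold above it trades false rejects for security.
func EqualErrorThreshold(scores []Score) float64 {
	best, bestGap := 0.0, math.Inf(1)
	for _, s := range scores {
		far, frr := ErrorRates(scores, s.Value)
		if gap := math.Abs(far - frr); gap < bestGap {
			best, bestGap = s.Value, gap
		}
	}
	return best
}

// Sample is constructed data, not measurements: genuine comparisons cluster
// high and impostor comparisons low, with some overlap in the middle.
var Sample = []Score{
	{0.95, true}, {0.90, true}, {0.88, true}, {0.82, true}, {0.70, true},
	{0.65, true}, {0.55, true}, {0.48, true}, {0.60, false}, {0.52, false},
	{0.45, false}, {0.40, false}, {0.35, false}, {0.30, false}, {0.25, false},
	{0.20, false},
}

func main() {
	for _, th := range []float64{0.3, 0.5, 0.7} {
		far, frr := ErrorRates(Sample, th)
		fmt.Printf("threshold %.2f: FAR=%.3f FRR=%.3f\n", th, far, frr)
	}
	fmt.Printf("equal-error threshold: %.2f\n", EqualErrorThreshold(Sample))
}
```

On this sample a threshold of 0.3 accepts every genuine user but three quarters of impostors, while 0.7 accepts no impostors but turns away more than a third of genuine users; which end of that trade-off is acceptable depends on what the system protects, which is the point of listing acceptability and performance as separate factors.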