WGU C836 Fundamentals of Information Security
Exam | Questions and Answers | Verified
Solutions | 2026 Edition | Pass Guaranteed
Save
Terms in this set (135)
Define the confidentiality, integrity, the core model of all of information security
availability (CIA) triad.
Differentiate confidentiality, Confidential is allowing only those authorized to
integrity, and availability. access the data requested.
Integrity is keeping data unaltered by Accidental
or Malicious intent.
Availability is the ability to access data when
needed.
Define information security. keeping data, software, and hardware secure
against unauthorized access, use, disclosure,
disruption, modification, or destruction
Assets should always be protected Most important: people, data
by value to the organization in this Least important: hardware/software
order:
,Define the Parkerian Hexad and its CIA triad plus:
principles. Possession/Control: the physical disposition of
the media on which the data is stored.
Authenticity: allows us to talk about the proper
attribution as to the owner or creator of the data
in question.
Utility: how useful the data is to us.
Identify the four types of attacks. Interception: allow unauthorized users to access
our data, applications, or environments.
Interruption: cause our assets to become
unusable or unavailable for our use, on a
temporary or permanent basis.
Modification: involve tampering with our asset.
Fabrication: involve generating data, processes,
communications, or other similar activities with a
system.
Compare threats, vulnerabilities, Risk: the likelihood that an event will occur. To
risk, and impact. have risk there must be a threat and vulnerability.
Threats: any events being man-made, natural or
environmental that could cause damage to assets.
Vulnerabilities: a weakness that a threat event or
the threat agent can take advantage of.
Impact: an additional step that is taking into
account the asset's cost.
Define the risk management Identify assets
process and its stages. Identify threats
Assess vulnerabilities
Assess risks
Mitigating risks
, Define the incident response the 6 step response cycle when risk management
process. practices have failed and have caused an
inconvenience to a disastrous event.
Define the incident response Preparation
process stages. Detection and analysis
Containment
Eradication
Recovery
Post incident activity (postmortem)
(Pole DAncing Cats Eyeballed Rabid Porcupines)
Define defense in depth. layering multiple controls on top on one another.
(Example: Using the 3 control types in multiple
overlapping protections. Locks on hardware server
cabinets, multilayers of authentication and policies
that control visitors in the building.)
Define compliance, including requirements that are set forth by laws and
regulatory and industry compliance. industry regulations (HIPPA/HITECH, PCI-DSS,
FISMA)
Identify types of controls to mitigate Physical: physical items that protect assets think
risk. locks, doors, guards, and, fences.
Technical/Logical: devices and software that
protect assets think firewalls, AV, IDS, and IPS.
Administrative: policies that organizations create
for governance an example acceptable use and
email use policies.
Exam | Questions and Answers | Verified
Solutions | 2026 Edition | Pass Guaranteed
Save
Terms in this set (135)
Define the confidentiality, integrity, the core model of all of information security
availability (CIA) triad.
Differentiate confidentiality, Confidential is allowing only those authorized to
integrity, and availability. access the data requested.
Integrity is keeping data unaltered by Accidental
or Malicious intent.
Availability is the ability to access data when
needed.
Define information security. keeping data, software, and hardware secure
against unauthorized access, use, disclosure,
disruption, modification, or destruction
Assets should always be protected Most important: people, data
by value to the organization in this Least important: hardware/software
order:
,Define the Parkerian Hexad and its CIA triad plus:
principles. Possession/Control: the physical disposition of
the media on which the data is stored.
Authenticity: allows us to talk about the proper
attribution as to the owner or creator of the data
in question.
Utility: how useful the data is to us.
Identify the four types of attacks. Interception: allow unauthorized users to access
our data, applications, or environments.
Interruption: cause our assets to become
unusable or unavailable for our use, on a
temporary or permanent basis.
Modification: involve tampering with our asset.
Fabrication: involve generating data, processes,
communications, or other similar activities with a
system.
Compare threats, vulnerabilities, Risk: the likelihood that an event will occur. To
risk, and impact. have risk there must be a threat and vulnerability.
Threats: any events being man-made, natural or
environmental that could cause damage to assets.
Vulnerabilities: a weakness that a threat event or
the threat agent can take advantage of.
Impact: an additional step that is taking into
account the asset's cost.
Define the risk management Identify assets
process and its stages. Identify threats
Assess vulnerabilities
Assess risks
Mitigating risks
, Define the incident response the 6 step response cycle when risk management
process. practices have failed and have caused an
inconvenience to a disastrous event.
Define the incident response Preparation
process stages. Detection and analysis
Containment
Eradication
Recovery
Post incident activity (postmortem)
(Pole DAncing Cats Eyeballed Rabid Porcupines)
Define defense in depth. layering multiple controls on top on one another.
(Example: Using the 3 control types in multiple
overlapping protections. Locks on hardware server
cabinets, multilayers of authentication and policies
that control visitors in the building.)
Define compliance, including requirements that are set forth by laws and
regulatory and industry compliance. industry regulations (HIPPA/HITECH, PCI-DSS,
FISMA)
Identify types of controls to mitigate Physical: physical items that protect assets think
risk. locks, doors, guards, and, fences.
Technical/Logical: devices and software that
protect assets think firewalls, AV, IDS, and IPS.
Administrative: policies that organizations create
for governance an example acceptable use and
email use policies.