Information Security and Assurance – WGU C725:
Questions & Answers (Expert Verified)
Information security is primarily a discipline to manage the behavior of _____.
A. Technology
B. People
C. Processes
D. Organizations Right Ans - People
Careers in information security are booming because of which of the following
factors?
A. Threats of cyberterrorism
B. Government regulations
C. Growth of the Internet
D. All of these Right Ans - All of these
A program for information security should include which of the following
elements?
A. Security policies and procedures
B. Intentional attacks only
C. Unintentional attacks only
D. None of these Right Ans - Security policies and procedures
Explanation: Answer A is correct.
The Carnegie Melon Information Network Institute (INI) designed programs
to carry out multiple tasks including Information Security Policies.
The growing demand for InfoSec specialists is occurring predominantly in
which of the following types of organizations?
A. Government
B. Corporations
C. Not-for-profit foundations
,D. All of these Right Ans - D. All of these
The concept of the measures used to ensure the protection of the secrecy of
data, objects, or resources. Right Ans - Confidentiality
A catchall safe rating for any box with a lock on it. This rating describes the
thickness of the steel used to make the lockbox. No actual testing is performed
to gain this rating. Right Ans - B-Rate Safe Rating
This safe rating is defined as a variably thick steel box with a 1-inch-thick door
and a lock. No tests are conducted to provide this rating, either. Right Ans -
C-Rate Safe Rating
Safes with an Underwriters Laboratory rating that have passed standardized
tests as defined in Underwriters Laboratory Standard 687 using tools and an
expert group of safe-testing engineers. The safe rating label requires that the
safe be constructed of 1-inch solid steel or equivalent. The label means that
the safe has been tested for a net working time of 15 minutes using "common
hand tools, drills, punches hammers, and pressure applying devices." Net
working time means that when the tool comes off the safe, the clock stops.
Engineers exercise more than 50 different types of attacks that have proven
effective for safecracking. Right Ans - UL TL-15 Safe Rating
This Underwriters Laboratory rating testing is essentially the same as the TL-
15 testing, except for the net working time. Testers get 30 minutes and a few
more tools to help them gain access. Testing engineers usually have a safe's
manufacturing blueprints and can disassemble the safe before the test begins
to see how it works. Right Ans - UL TL-30 Safe Rating
Related to information security, confidentiality is the opposite of which of the
following?
A. Closure
B. Disclosure
C. Disaster
D. Disposal Right Ans - B. Disclosure
Explanation:
,Confidentiality models are primarily intended to ensure that no unauthorized
access to information is permitted and that accidental disclosure of sensitive
information is not possible.
Integrity models have which of the three goals:
A. Prevent unauthorized users from making modifications to data or programs
B. Prevent authorized users from making improper or unauthorized
modifications
C. Maintain internal and external consistency of data and programs
D. All of these Right Ans - D. All of these
Explanation:
Integrity models keep data pure and trustworthy by protecting system data
from intentional or accidental changes.
Information security professionals usually address which of these three
common challenges to availability:
A. Denial of service (DoS) due to intentional attacks or because of
undiscovered flaws in implementation (for example, a program written by a
programmer who is unaware of a flaw that could crash the program if a
certain unexpected input is encountered)
B. Loss of information system capabilities because of natural disasters (fires,
floods, storms, or earthquakes) or human actions (bombs or strikes)
C. Equipment failures during normal use.
D. All of these Right Ans - D. All of these
Explanation:
Availability models keep data and resources available for authorized use,
especially during emergencies or disasters.
Which of the following represents the three goals of information security?
A. Confidentiality, integrity, and availability
B. Prevention, detection, and response
C. People controls, process controls, and technology controls
, D. Network security, PC security, and mainframe security Right Ans - A.
Confidentiality, integrity, and availability
Explanation:
These goals form the confidentiality, integrity, availability (CIA) triad, the
basis of all security programs.
Usually a documented argument or stated position in order to define a need to
make a decision or take some form of action. Right Ans - business case
Explanation:
A business case is often made to justify the start of a new project, especially a
project related to security.
A type of security management planning where upper, or senior, management
is responsible for initiating and defining policies for the organization. Right
Ans - top-down approach
A type of security management planning where IT staff makes security
decisions directly without input from senior management. This approach is
rarely used in organizations and is considered problematic in the IT industry.
Right Ans - bottom-up approach
This security plan is a long-term plan that is fairly stable. It defines the
organization's security purpose. It also helps to understand security function
and align it to the goals, mission, and objectives of the organization. It's useful
for about five years if it is maintained and updated annually. This plan also
serves as the planning horizon. Long-term goals and visions for the future are
discussed this plan. This
plan should include a risk assessment. Right Ans - Strategic Plan
This security plan is a midterm plan developed to provide more details on
accomplishing the goals set forth in the strategic plan or can be crafted ad hoc
based upon unpredicted events. This plan is typically useful for about a year
Questions & Answers (Expert Verified)
Information security is primarily a discipline to manage the behavior of _____.
A. Technology
B. People
C. Processes
D. Organizations Right Ans - People
Careers in information security are booming because of which of the following
factors?
A. Threats of cyberterrorism
B. Government regulations
C. Growth of the Internet
D. All of these Right Ans - All of these
A program for information security should include which of the following
elements?
A. Security policies and procedures
B. Intentional attacks only
C. Unintentional attacks only
D. None of these Right Ans - Security policies and procedures
Explanation: Answer A is correct.
The Carnegie Melon Information Network Institute (INI) designed programs
to carry out multiple tasks including Information Security Policies.
The growing demand for InfoSec specialists is occurring predominantly in
which of the following types of organizations?
A. Government
B. Corporations
C. Not-for-profit foundations
,D. All of these Right Ans - D. All of these
The concept of the measures used to ensure the protection of the secrecy of
data, objects, or resources. Right Ans - Confidentiality
A catchall safe rating for any box with a lock on it. This rating describes the
thickness of the steel used to make the lockbox. No actual testing is performed
to gain this rating. Right Ans - B-Rate Safe Rating
This safe rating is defined as a variably thick steel box with a 1-inch-thick door
and a lock. No tests are conducted to provide this rating, either. Right Ans -
C-Rate Safe Rating
Safes with an Underwriters Laboratory rating that have passed standardized
tests as defined in Underwriters Laboratory Standard 687 using tools and an
expert group of safe-testing engineers. The safe rating label requires that the
safe be constructed of 1-inch solid steel or equivalent. The label means that
the safe has been tested for a net working time of 15 minutes using "common
hand tools, drills, punches hammers, and pressure applying devices." Net
working time means that when the tool comes off the safe, the clock stops.
Engineers exercise more than 50 different types of attacks that have proven
effective for safecracking. Right Ans - UL TL-15 Safe Rating
This Underwriters Laboratory rating testing is essentially the same as the TL-
15 testing, except for the net working time. Testers get 30 minutes and a few
more tools to help them gain access. Testing engineers usually have a safe's
manufacturing blueprints and can disassemble the safe before the test begins
to see how it works. Right Ans - UL TL-30 Safe Rating
Related to information security, confidentiality is the opposite of which of the
following?
A. Closure
B. Disclosure
C. Disaster
D. Disposal Right Ans - B. Disclosure
Explanation:
,Confidentiality models are primarily intended to ensure that no unauthorized
access to information is permitted and that accidental disclosure of sensitive
information is not possible.
Integrity models have which of the three goals:
A. Prevent unauthorized users from making modifications to data or programs
B. Prevent authorized users from making improper or unauthorized
modifications
C. Maintain internal and external consistency of data and programs
D. All of these Right Ans - D. All of these
Explanation:
Integrity models keep data pure and trustworthy by protecting system data
from intentional or accidental changes.
Information security professionals usually address which of these three
common challenges to availability:
A. Denial of service (DoS) due to intentional attacks or because of
undiscovered flaws in implementation (for example, a program written by a
programmer who is unaware of a flaw that could crash the program if a
certain unexpected input is encountered)
B. Loss of information system capabilities because of natural disasters (fires,
floods, storms, or earthquakes) or human actions (bombs or strikes)
C. Equipment failures during normal use.
D. All of these Right Ans - D. All of these
Explanation:
Availability models keep data and resources available for authorized use,
especially during emergencies or disasters.
Which of the following represents the three goals of information security?
A. Confidentiality, integrity, and availability
B. Prevention, detection, and response
C. People controls, process controls, and technology controls
, D. Network security, PC security, and mainframe security Right Ans - A.
Confidentiality, integrity, and availability
Explanation:
These goals form the confidentiality, integrity, availability (CIA) triad, the
basis of all security programs.
Usually a documented argument or stated position in order to define a need to
make a decision or take some form of action. Right Ans - business case
Explanation:
A business case is often made to justify the start of a new project, especially a
project related to security.
A type of security management planning where upper, or senior, management
is responsible for initiating and defining policies for the organization. Right
Ans - top-down approach
A type of security management planning where IT staff makes security
decisions directly without input from senior management. This approach is
rarely used in organizations and is considered problematic in the IT industry.
Right Ans - bottom-up approach
This security plan is a long-term plan that is fairly stable. It defines the
organization's security purpose. It also helps to understand security function
and align it to the goals, mission, and objectives of the organization. It's useful
for about five years if it is maintained and updated annually. This plan also
serves as the planning horizon. Long-term goals and visions for the future are
discussed this plan. This
plan should include a risk assessment. Right Ans - Strategic Plan
This security plan is a midterm plan developed to provide more details on
accomplishing the goals set forth in the strategic plan or can be crafted ad hoc
based upon unpredicted events. This plan is typically useful for about a year
