Security (WGU) Exam Actual Answers
Physical Security ✔️✔️is largely concerned with the protection of three main categories of
assets: people, equipment, and data. Our primary concern, of course, is to protect people.
People are considerably more difficult to replace than equipment or data, particularly when they
are experienced in their particular field and are familiar with the processes and tasks they
perform.
Name different kinds of physical threats: ✔️✔️• Extreme temperature
• Gases
• Liquids
• Living organisms
• Projectiles
• Movement
• Energy anomalies
• People
• Toxins
• Smoke and fire
,What are Physical Security Controls? ✔️✔️The devices, systems, people, and other methods
we put in place to ensure our security in a physical sense. There are three main types of physical
controls deterrent, detective, and preventive.
Deterrent Controls ✔️✔️controls that are designed to discourage those who might seek to
violate our security controls from doing so, whether the threat is external or internal. Some
examples might include:
i. Signs
ii. Pointing out or listing potential consequences for violations
iii. Security landscaping (such as boulders to prevent vehicle entry)
Detective Controls ✔️✔️controls that serve to detect and report undesirable events that are
taking place. The classic example of a detective control can be found in burglar alarms and
physical intrusion detection systems, dog, camera, guards, etc.
Preventive Controls ✔️✔️controls are used to physically prevent unauthorized entities from
breaching our physical security:
i. Locks
ii. Fences
iii. Doors
iv. Guards and dogs
,What are some tools used to protect and defend our networks? ✔️✔️• Network segmentation
• Firewalls
• IDS/IPS
• Wireless Secure Protocols
• VPNs
• Secure Protocols
• MDM
• Port Scanners
• Packet Sniffers
• Honeypots
Make sure to know the difference between all of these and the kinds of threats they defend
against.
Network Segmentation ✔️✔️is when we segment a network, we divide it into multiple smaller
networks, each acting as its own small network called a subnet. We can control the flow of
traffic between subnets, allowing or disallowing traffic based on a variety of factors, or even
blocking the flow of traffic entirely if necessary.
Firewalls ✔️✔️are a mechanism for maintaining control over the traffic that flows into and out
of our network(s). They naturally create network segmentation when installed. They examine
, packets moving through the network to determine whether it should be allowed in or not (based
on protocol, application, etc.)
Packet filtering ✔️✔️is one of the oldest and simplest of firewall technologies. Packet filtering
looks at the contents of each packet in the traffic individually and makes a gross determination,
based on the source and destination IP addresses, the port number, and the protocol being used,
of whether the traffic will be allowed to pass.
Stateful Firewall ✔️✔️uses what is called a state table to keep track of the connection state and
will only allow traffic through that is part of a new or already established connection. Most
stateful firewalls can also function as a packet filtering firewall, often combining the two forms
of filtering. For example, this type of firewall can identify and track the traffic related to a
particular user-initiated connection to a Web site, and knows when the connection has been
closed and further traffic should not legitimately be present.
Deep Packet Inspection Firewall ✔️✔️adds yet another layer of intelligence to our firewall
capabilities. Deep packet inspection firewalls are capable of analyzing the actual content of the
traffic that is flowing through them. Although packet filtering firewalls and stateful firewalls can
only look at the structure of the network traffic itself in order to filter out attacks and undesirable
content, deep packet inspection firewalls can actually reassemble the contents of the traffic to
look at what will be delivered to the application for which it is ultimately destined. (Analogy: A
mail carrier opening a package and taking a deep look inside before deciding whether to send it
based on its contents)