SECURITY EXAM OBJECTIVE ASSESSMENT NEWEST 2024 TEST BANK ACTUAL EXAM 300 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) | ALREADY GRADED A+
Information security - ANS Keeping data, software, and hardware
secure against unauthorized access, use, disclosure, disruption,
modification, or destruction.
Compliance - ANS The requirements that are set forth by laws and
industry regulations.
E.g.: HIPAA/HITECH - healthcare, PCI DSS - payment card industry,
FISMA - federal government agencies
DAD Triad - ANS Disclosure, alteration, and denial
CIA Triad - ANS The core model of all information security concepts:
confidentiality, integrity, and availability.
Confidentiality - ANS Ability to protect our data from those who are not
authorized to view it.
What ways can confidentiality be compromised? - ANS - Losing a
personal laptop with data
- A person can view your password as you are entering it
- Sending an email attachment to the wrong person
- An attacker can penetrate your systems, etc.
Integrity - ANS Keeping data unaltered by accidental or malicious
intent.
How to maintain integrity? - ANS Prevent unauthorized changes to
the data and the ability to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable changes.
Availability - ANS The ability to access data when needed
Ways Availability can be compromised - ANS - Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS) - ANS Security problem in which users are
not able to access an information system; can be caused by human
errors, natural disaster, or malicious activity.
Parkerian hexad model - ANS A model that adds three more principles
to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/Control - ANS Refers to the physical disposition of the
media on which the data is stored. This allows you to discuss loss of data
via its physical medium.
Principle of Possession example - ANS Lost package (encrypted
USBs and unencrypted USBs).
Possession is an issue because the tapes are physically lost.
(Unencrypted is compromised via confidentiality and possession;
encrypted is compromised only via possession.)
Principle of Authenticity - ANS Allows you to say whether you've
attributed the data in question to the proper owner/creator.
Ways authenticity can be compromised - ANS Sending an email but
altering the message to look like it came from someone other than the
one who originally sent it.
Utility - ANS How useful the data is to you.
Ex. Unencrypted (a lot of utility); encrypted (little utility).
Security Attacks - ANS Broken down by the type of attack, the risk the
attack represents, and the controls you might use to mitigate it.
Types of attacks - ANS 1- Interception
2- Interruption
3- Modification
4- Fabrication
Interception - ANS Attacks that allow unauthorized users to access our
data, applications, or environments.
Primarily an attack against confidentiality.