WGU Course C836 - Fundamentals of Information Security Quizlet by Bria MacFarlane
Study online at https://quizlet.com/_722h9h
1. Which cybersecurity term is defined as the potential for an attack on a
resource?
A Impact
B Vulnerability
C Risk
D Threat: D
2. Which security type deliberately exposes a system's vulnerabilities or
resources to an attacker?
A Intrusion detection
B Firewalls
C Honeypots
D Intrusion prevention: C
3. Which tool can be used to map devices on a network, along with their
operating system types and versions?
A Packet sniffer
B Packet filter
C Port scanner
D Stateful firewall: C
4. Which web attack is a server-side attack?
A Clickjacking
B Cross-site scripting
C SQL injection
D Cross-site request forgery: C
5. An organization employs a VPN to safeguard its information.
Which security principle is protected by a VPN?
A Data in motion
B Data at rest
C Data in use
D Data in storage: A
6. A malicious hacker was successful in a denial of service (DoS) attack
against an institution's mail server. Fortunately, no data was lost or altered
while the server was offline.
Which type of attack is this?
A Modification
B Fabrication
C Interception
D Interruption: D
7. A company has had several successful denial of service (DoS) attacks on
its email server.
Which security principle is being attacked?
A Possession
B Integrity
C Confidentiality
D Availability: D
8. A new start-up company has started working on a social networking
website. The company has moved all its source code to a cloud provider and
wants to protect this source code from unauthorized access.
Which cyber defense concept should the start-up company use to maintain
the confidentiality of its source code?
A Alarm systems
B Account permissions
C Antivirus software
D File encryption: D
9. A company has an annual audit of installed software and data storage
systems. During the audit, the auditor asks how the company's most critical
data is used. This determination helps the auditor ensure that the proper
defense mechanisms are in place to protect critical data.
Which principle of the Parkerian hexad is the auditor addressing?
A Possession
B Integrity
C Authenticity
D Utility: D
10. Which web attack is possible due to a lack of input validation?
A Extraneous files
B Clickjacking
C SQL injection
D Cross-site request forgery: C
11. Which file action implements the principle of confidentiality from the CIA
triad?
A Compression
B Hash
C Backup
D Encryption: D
12. Which cyber defense concept suggests limiting permissions to only what
is necessary to perform a particular task?
A Authentication
B Authorization
C Defense in depth
D Principle of least privilege: D
13. A company institutes a new policy that "All office computer monitors
must face toward employees and must face away from doorways. The monitor
screens must not be visible to people visiting the office."
Which principle of the CIA triad is this company applying?
A Availability
B Confidentiality
C Utility
D Integrity: B
14. At a small company, an employee makes an unauthorized data alteration.
Which component of the CIA triad has been compromised?
A Confidentiality
B Authenticity
C Integrity
D Availability: C
15. An organization plans to encrypt data in transit on a network.
Which aspect of data is the organization attempting to protect?
A Integrity
B Possession
C Availability
D Authenticity: A
16. Which aspect of the CIA triad is violated by an unauthorized database
rollback or undo?
A Availability
B Identification
C Integrity
D Confidentiality: C
17. A company's website has suffered several denial of service (DoS) attacks
and wishes to thwart future attacks.
Which security principle is the company addressing?
A Availability
B Authenticity
C Confidentiality
D Possession: A
18. An organization has a requirement that all database servers and file
servers be configured to maintain operations in the presence of a failure.
Which principle of the CIA triad is this requirement implementing?
A Utility
B Integrity
C Availability
D Confidentiality: C
19. A company's IT policy manual states that "All company computers,
workstations, application servers, and mobile devices must have current versions