WGU C954 V8 Ch 13 Exam Questions and Answers | Latest Update 2026 | Graded A+

WGU C954 V8 Ch 13 Exam Questions and Answers | Latest Update 2026 | Graded A+ Access control - answer-Restrictions on who has permission to read, write, alter, or delete data. What does 'adequate' refer to in a security policy? - answer-A security policy that addresses the minimum requirements necessary to protect the people, processes, data, software, and/or hardware. What are the components that an adequate security policy aims to protect? - answer-People, processes, data, software, and hardware. advanced persistent threat (APT) - answer-A group with the knowledge, skills, and computer resources necessary to conduct cybercrime campaigns. alteration - answer-A compromise of data integrity. What is annualized loss expectancy (ALE)? - answer-The financial impact that can be expected in a given year from a particular disaster. How do you calculate annualized loss expectancy (ALE)? - answer-Multiply the single loss expectancy (SLE) by the annualized rate of occurrence (ARO). What does ARO stand for? - answer-Annualized Rate of OccurrenceWhat is the annualized rate of occurrence (ARO)? - answer-The number of times that a business expects to experience a given type of disruptive event in any given year. asset value (AV) - answer-The value of the information system to the company. authentication - answer-Proof of the identity of the sender. availability - answer-Ensuring that data is accessible without interruption or delay. business-critical system - answer-A system needed for the day-to-day operations and profitability of an organization. What is a business impact assessment (BIA)? - answer-A formal process to evaluate the consequences of security incidents. What does a business impact assessment evaluate? - answer-The impact of security incidents on the organization's critical functions, processes, and operations. CIA Triad - answer-The information security principles of confidentiality, integrity, and availability. cipher text - answer-Data in a coded format that requires specialized tools and data to read. confidentiality - answer-Ensuring that data is only accessible by those who have appropriately approved access cryptographic hash - answer-A unique digital fingerprint of the data being processed. cryptographic key - answer-A string of characters used to encrypt and decrypt ographic signature - answer-An encrypted version of the cryptographic hash What is cryptography? - answer-The practice of securing information by transforming it into a coded format. Who can read information secured by cryptography? - answer-Only someone with the correct tools and data. data labeling - answer-Adding metadata that indicates the sensitivity of the data. decryption - answer-The process of converting cipher text back into plain text. defense-in-depth - answer-Using multiple layers of mitigation to maximize protection of an asset denial of service - answer-Making data inaccessible to those with a need to access it. denial of service (DOS) attack - answer-An attack that occurs when a system is rendered incapable of responding to normal requests. disclosure - answer-The release of information without appropriate permission; also known as a data breach. distributed denial of service (DDOS) attack - answer-The use of multiple computers to compromise the availability of the target system. What is an effective security policy? - answer-A security policy that shows, through evidence, that it is being implemented appropriately.What does an effective security policy demonstrate? - answer-It has a demonstrable impact in protecting the people, processes, data, software, and/or hardware covered by the policy. What is encryption? - answer-Converting ordinary data into an encoded format. What is required to read encrypted data? - answer-The correct decryption key. What is an essential system? - answer-A fundamental system that allows an organization to carry out basic operations. What does an essential system help maintain? - answer-A minimum level of functionality. exploit - answer-The method to take advantage of a vulnerability. exposure factor (EF) - answer-The degree of impact that a given risk would have on a specific information system. incident - answer-An event where the confidentiality, integrity, or availability of information is com-promised. What is incident response? - answer-A structured approach to handling and managing an incident. What is the aim of incident response? - answer-To limit damage, reduce recovery time and costs, and mitigate the impact on business operations. What is information security? - answer-The discipline of protecting information (either digital or physical) against threats.What are the key aspects of information security? - answer-Confidentiality, integrity, and availability. What does information security protect? - answer-Information systems, facilities, and other resources. integrity - answer-Ensuring that data is not changed without appropriate permission. What is malicious software commonly known as? - answer-Malware What is the purpose of malware? - answer-To disrupt normal computer operations What can malware do to a computer system? - answer-Impair or interrupt the system What type of data can malware steal? - answer-Sensitive data What kind of actions can malware perform? - answer-Unwanted actions