WGU D430 EXAM WGU D430 FUNDAMENTALS OF INFORMATION
SECURITY EXAM LATEST V2 2024/2025 REAL EXAM WITH ACTUAL
QUESTIONS AND CORRECT VERIFIED ANSWERS LATEST UPDATED
VERSION 2024 ALREADY GRADED A+
Information security
protecting data, software, and hardware secure against
unauthorized access, use, disclosure, disruption,
modification, or destruction.
Compliance
The requirements that are set forth by laws and industry
regulations.
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card
industry, FISMA- federal government agencies
DAD Triad
Disclosure, alteration, and denial
CIA Triad
The core model of all information security concepts.
Confidential, integrity and availability
Confidential
Ability to protect our data from those who are not
authorized to view it.
What ways can confidentiality be compromised?
- lose a personal laptop with data
- Person can view your password you are entering in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
integrity
Keeping data unaltered by accidental or malicious intent
,How to maintain integrity?
Prevent unauthorized changes to the data and the ability
to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable
changes.
Availability
The ability to access data when needed
Ways Availability can be compromised
- Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS)
Security problem in which users are not able to access an
information system; can be caused by human errors,
natural disaster, or malicious activity.
Parkerian hexad model
A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/ control
Refers to the physical disposition of the media on which
the data is stored; This allows you to discuss loss of data
via its physical medium.
Principle of Possession example
Lost package (encrypted USB's and unencrypted USB's)
possession is an issue because the tapes are physically
,lost.
(Unencrypted is compromised via confidentiality and
possession; encrypted is compromised only via
possession).
Principle of Authenticity
Allows you to say whether you've attributed the data in
question to the proper owner/creator.
Ways authenticity can be compromised
Sending an email but altering the message to look like it
came from someone else, than the original one that was
sent.
Utility
How useful the data is to you.
Ex. Unencrypted (a lot of utility) Encrypted (little utility).
Security Attacks
Broken down from the type of attack, risk the attack
represents, and controls you might use to mitigate it.
Types of attacks
1- interception
2- interruption
3- modification
4- fabrication
Interception
Attacks allows unauthorized users to access our data,
applications, or environments.
Primarily an attack against confidentiality
Interception Attack Examples
Unauthorized file viewing, copying, eavesdropping on
phone conversations, reading someone's emails.
, Interruption
Attacks cause our assets to become unstable or
unavailable for our use, on a temporary or permanent
basis.
This attack affects availability but can also attack integrity
Interruption Attack Examples
DoS attack on a mail server; availability attack
Attacker manipulates the processes on which a database
runs to prevent access; integrity attack.
Could also be a combo of both.
Modification
Attacks involve tampering with our asset.
Such attacks might primarily be considered an integrity
attack, but could also be an availability attack.
Modification Attack example
Accessing a file in a unauthorized manner and alter the
data it contains; affects the integrity.
If the file in question is a config file that manages how a
service behaves (web server) this may affect
the availability.
If the config file changes how the server deals with
encrypted connections; then its a confidentiality attack.
Fabrication
Attacks involve generating data, processes,
communications, or other similar activities with a system.
Attacks primarily affect integrity but can be considered an
availability attack.
Fabrication attack examples
SECURITY EXAM LATEST V2 2024/2025 REAL EXAM WITH ACTUAL
QUESTIONS AND CORRECT VERIFIED ANSWERS LATEST UPDATED
VERSION 2024 ALREADY GRADED A+
Information security
protecting data, software, and hardware secure against
unauthorized access, use, disclosure, disruption,
modification, or destruction.
Compliance
The requirements that are set forth by laws and industry
regulations.
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card
industry, FISMA- federal government agencies
DAD Triad
Disclosure, alteration, and denial
CIA Triad
The core model of all information security concepts.
Confidential, integrity and availability
Confidential
Ability to protect our data from those who are not
authorized to view it.
What ways can confidentiality be compromised?
- lose a personal laptop with data
- Person can view your password you are entering in
- Send an email attachment to the wrong person.
- Attacker can penetrate your systems....etc.
integrity
Keeping data unaltered by accidental or malicious intent
,How to maintain integrity?
Prevent unauthorized changes to the data and the ability
to reverse unwanted authorized changes.
Via system/file permissions or Undo/Roll back undesirable
changes.
Availability
The ability to access data when needed
Ways Availability can be compromised
- Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS)
Security problem in which users are not able to access an
information system; can be caused by human errors,
natural disaster, or malicious activity.
Parkerian hexad model
A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/ control
Refers to the physical disposition of the media on which
the data is stored; This allows you to discuss loss of data
via its physical medium.
Principle of Possession example
Lost package (encrypted USB's and unencrypted USB's)
possession is an issue because the tapes are physically
,lost.
(Unencrypted is compromised via confidentiality and
possession; encrypted is compromised only via
possession).
Principle of Authenticity
Allows you to say whether you've attributed the data in
question to the proper owner/creator.
Ways authenticity can be compromised
Sending an email but altering the message to look like it
came from someone else, than the original one that was
sent.
Utility
How useful the data is to you.
Ex. Unencrypted (a lot of utility) Encrypted (little utility).
Security Attacks
Broken down from the type of attack, risk the attack
represents, and controls you might use to mitigate it.
Types of attacks
1- interception
2- interruption
3- modification
4- fabrication
Interception
Attacks allows unauthorized users to access our data,
applications, or environments.
Primarily an attack against confidentiality
Interception Attack Examples
Unauthorized file viewing, copying, eavesdropping on
phone conversations, reading someone's emails.
, Interruption
Attacks cause our assets to become unstable or
unavailable for our use, on a temporary or permanent
basis.
This attack affects availability but can also attack integrity
Interruption Attack Examples
DoS attack on a mail server; availability attack
Attacker manipulates the processes on which a database
runs to prevent access; integrity attack.
Could also be a combo of both.
Modification
Attacks involve tampering with our asset.
Such attacks might primarily be considered an integrity
attack, but could also be an availability attack.
Modification Attack example
Accessing a file in a unauthorized manner and alter the
data it contains; affects the integrity.
If the file in question is a config file that manages how a
service behaves (web server) this may affect
the availability.
If the config file changes how the server deals with
encrypted connections; then its a confidentiality attack.
Fabrication
Attacks involve generating data, processes,
communications, or other similar activities with a system.
Attacks primarily affect integrity but can be considered an
availability attack.
Fabrication attack examples
