WGU C836 FUNDAMENTALS OF INFORMATION SECURITY
EXAM QUESTIONS AND ANSWERS LATEST
Protects information and information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction - ANSWER: Information Security
Companies that process credit card payments must comply with this set of standards
- ANSWER: Payment Card Industry Data Security Standard (PCI DSS)
Used to keep something private or minimally known - ANSWER: Confidentially
Refers to the ability to prevent our data from being changed in an unauthorized or
undesirable manner. - ANSWER: Integrity
Refers to the ability to access our data when we need it - ANSWER: Availability
A type of attack, primarily against confidentiality - ANSWER: Interception
Something that has the potential to cause harm to our assets - ANSWER: Threat
A weakness that can be used to harm us - ANSWER: Vulnerability
The likelihood that something bad will happen - ANSWER: Risk
An attack that causes our assets to become unusable or unavailable for our use, on a
temporary or permanent basis - ANSWER: interuption attack
An attack that involves tampering with our assets - ANSWER: Modification attack
A model that adds three more principles to the CIA triad: possession or control,
utility, and authenticity - ANSWER: Parkerian hexad
The physical disposition of the media on which the data is stored - ANSWER:
possession or control
Allows for attribution as to the owner or creator of the data in question - ANSWER:
authenticity
Refers to how useful the data is to us - ANSWER: utility
An attack that involves generating data, processes, communications, or other similar
activities with a system - ANSWER: fabrication attack
One of the first and most important steps of the risk management process -
ANSWER: identify assests
,A multilayered defense that will allow us to achieve a successful defense should one
or more of our defensive measures fail - ANSWER: defense in depth
Based on rules, laws, policies, procedures, guidelines, and other items that are
"paper" in nature - ANSWER: administrative controls
Sometimes called technical controls, these protect the systems, networks, and
environments that process, transmit, and store our data - ANSWER: logical controls
Controls that protect the physical environment in which our systems sit, or where
our data is stored - ANSWER: physical controls
Involves putting measures in place to help ensure that a given type of threat is
accounted for - ANSWER: migrating risk
The risk management phase that consists of all of the activities that we can perform
in advance of the incident itself, in order to better enable us to handle it - ANSWER:
preparation phase
The risk management phase where we detect the occurrence of an issue and decide
whether it is actually an incident so that we can respond to it appropriately -
ANSWER: detection and analysis phase
The risk management phase where we determine specifically what happened, why it
happened, and what we can do to keep it from happening again - ANSWER: Post-
incident activity phase
To completely remove the effects of the issue from our environment - ANSWER:
Eradication
Taking steps to ensure that the situation does not cause any more damage than it
already has, or at the very least, lessen any ongoing harm - ANSWER: containment
Restore to a better state (either to the state prior to the incident, or if we did not
detect the problem immediately, prior to when the issue started) - ANSWER: recover
Something that supports our claim to identity, either in our personal interactions or
in computer systems, e.g. social security cards - ANSWER: Identity verification
Authentication requirements help prevent this crime - ANSWER: Falsifying
identification
A set of methods we use to establish a claim of identity as being true - ANSWER:
Authentication
A password is an example of this type of factor - ANSWER: Something you know
, An iris scan is an example of this type of factor - ANSWER: Something you are
A swipe card is an example of this type of factor - ANSWER: Something you have
The time delay between your keystrokes is an example of this type of factor -
ANSWER: Something you do
Being at a specific terminal is an example of this type of factor - ANSWER: where you
are
Uses one or more authentication methods for access - ANSWER: multi-factor
authentication
An authentication mechanism in which both parties authenticate each other -
ANSWER: mutual authentication
Elements of a complex password - ANSWER: A password that is a combination of
uppercase letters, lowercase letters, numbers, and symbols, such as punctuation
marks
Unique personal characteristics, such as fingerprints, used for identification purposes
- ANSWER: biometrics
A stipulation that our chosen biometric characteristic should be present in the
majority of people we expect to enroll in the system - ANSWER: Universality
A measure of the differences of a particular characteristic among a group of
individuals - ANSWER: Uniqueness
How well a particular characteristic resists change over time and with advancing age
- ANSWER: permanence
How easy it is to acquire a characteristic that we can later use to authenticate a user
- ANSWER: collect ability
A set of metrics that judge how well a given system functions - ANSWER:
performance measurement
A measure of how agreeable a particular characteristic is to the users of a system -
ANSWER: acceptability
Describes the ease with which a system can be tricked by a falsified biometric
identifier - ANSWER: Circumvention
The rate at which we accept users whom we should actually have rejected -
ANSWER: False acceptance rate (FAR)
EXAM QUESTIONS AND ANSWERS LATEST
Protects information and information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction - ANSWER: Information Security
Companies that process credit card payments must comply with this set of standards
- ANSWER: Payment Card Industry Data Security Standard (PCI DSS)
Used to keep something private or minimally known - ANSWER: Confidentially
Refers to the ability to prevent our data from being changed in an unauthorized or
undesirable manner. - ANSWER: Integrity
Refers to the ability to access our data when we need it - ANSWER: Availability
A type of attack, primarily against confidentiality - ANSWER: Interception
Something that has the potential to cause harm to our assets - ANSWER: Threat
A weakness that can be used to harm us - ANSWER: Vulnerability
The likelihood that something bad will happen - ANSWER: Risk
An attack that causes our assets to become unusable or unavailable for our use, on a
temporary or permanent basis - ANSWER: interuption attack
An attack that involves tampering with our assets - ANSWER: Modification attack
A model that adds three more principles to the CIA triad: possession or control,
utility, and authenticity - ANSWER: Parkerian hexad
The physical disposition of the media on which the data is stored - ANSWER:
possession or control
Allows for attribution as to the owner or creator of the data in question - ANSWER:
authenticity
Refers to how useful the data is to us - ANSWER: utility
An attack that involves generating data, processes, communications, or other similar
activities with a system - ANSWER: fabrication attack
One of the first and most important steps of the risk management process -
ANSWER: identify assests
,A multilayered defense that will allow us to achieve a successful defense should one
or more of our defensive measures fail - ANSWER: defense in depth
Based on rules, laws, policies, procedures, guidelines, and other items that are
"paper" in nature - ANSWER: administrative controls
Sometimes called technical controls, these protect the systems, networks, and
environments that process, transmit, and store our data - ANSWER: logical controls
Controls that protect the physical environment in which our systems sit, or where
our data is stored - ANSWER: physical controls
Involves putting measures in place to help ensure that a given type of threat is
accounted for - ANSWER: migrating risk
The risk management phase that consists of all of the activities that we can perform
in advance of the incident itself, in order to better enable us to handle it - ANSWER:
preparation phase
The risk management phase where we detect the occurrence of an issue and decide
whether it is actually an incident so that we can respond to it appropriately -
ANSWER: detection and analysis phase
The risk management phase where we determine specifically what happened, why it
happened, and what we can do to keep it from happening again - ANSWER: Post-
incident activity phase
To completely remove the effects of the issue from our environment - ANSWER:
Eradication
Taking steps to ensure that the situation does not cause any more damage than it
already has, or at the very least, lessen any ongoing harm - ANSWER: containment
Restore to a better state (either to the state prior to the incident, or if we did not
detect the problem immediately, prior to when the issue started) - ANSWER: recover
Something that supports our claim to identity, either in our personal interactions or
in computer systems, e.g. social security cards - ANSWER: Identity verification
Authentication requirements help prevent this crime - ANSWER: Falsifying
identification
A set of methods we use to establish a claim of identity as being true - ANSWER:
Authentication
A password is an example of this type of factor - ANSWER: Something you know
, An iris scan is an example of this type of factor - ANSWER: Something you are
A swipe card is an example of this type of factor - ANSWER: Something you have
The time delay between your keystrokes is an example of this type of factor -
ANSWER: Something you do
Being at a specific terminal is an example of this type of factor - ANSWER: where you
are
Uses one or more authentication methods for access - ANSWER: multi-factor
authentication
An authentication mechanism in which both parties authenticate each other -
ANSWER: mutual authentication
Elements of a complex password - ANSWER: A password that is a combination of
uppercase letters, lowercase letters, numbers, and symbols, such as punctuation
marks
Unique personal characteristics, such as fingerprints, used for identification purposes
- ANSWER: biometrics
A stipulation that our chosen biometric characteristic should be present in the
majority of people we expect to enroll in the system - ANSWER: Universality
A measure of the differences of a particular characteristic among a group of
individuals - ANSWER: Uniqueness
How well a particular characteristic resists change over time and with advancing age
- ANSWER: permanence
How easy it is to acquire a characteristic that we can later use to authenticate a user
- ANSWER: collect ability
A set of metrics that judge how well a given system functions - ANSWER:
performance measurement
A measure of how agreeable a particular characteristic is to the users of a system -
ANSWER: acceptability
Describes the ease with which a system can be tricked by a falsified biometric
identifier - ANSWER: Circumvention
The rate at which we accept users whom we should actually have rejected -
ANSWER: False acceptance rate (FAR)
