WGU C836 FUNDAMENTALS OF INFORMATION SECURITY
EXAM QUESTIONS AND ANSWERS LATEST
Controls that protect the systems, networks, and environments that process,
transmit, and store our data are called _______. - ANSWER: Logical Controls
During what phase of the incident response process do we determine what
happened, why it happened, and what we can do to keep it from happening again? -
ANSWER: Post-Incident Activity
Something that has the potential to cause harm to our assets is known as a(n)
________. - ANSWER: Threat
What is the first and arguably one of the most important steps of the risk
management process? - ANSWER: Identify assets
The Fabrication attack type most commonly affects which principle(s) of the CIA
triad? - ANSWER: Integrity and Availability
The Interception attack type most commonly affects which principle(s) of the CIA
triad? - ANSWER: Confidentiality
A badge or token is considered what type of authentication? - ANSWER: Something
you have
A password or PIN is considered what type of authentication? - ANSWER: Something
you know
The set of methods we use to establish a claim of identity as being true is called
______. - ANSWER: Authentication
A fingerprint is considered what type of authentication? - ANSWER: Something you
are
What type of authentication can prevent a man-in-the-middle attack? - ANSWER:
Mutual
The biometric characteristic that measures how well a factor resists change over
time and with advancing age is called __________ - ANSWER: Permanence
What dictates that we should only allow the bare minimum of access, as needed? -
ANSWER: Principle of least privilege
Access controls are policies or procedures used to control access to certain items. -
ANSWER: True
What is implemented through the use of access controls? - ANSWER: Authorization
Which answer best describes the authorization component of access control? -
ANSWER: Authorization is the process of determining who is approved for access
and what resources they are approved for.
A client-side attack that involves the attacker placing an invisible layer over
something on a website that the user would normally click on, in order to execute a
command differing from what the user thinks they are performing, is known as
___________. - ANSWER: Clickjacking
What type of access control can prevent the confused deputy problem? - ANSWER:
Capability-based security
A user who creates a network share and sets permissions on that share is employing
which model of access control? - ANSWER: Discretionary access control
A VPN connection that is set to time out after 24 hours is demonstrating which
model of access control? - ANSWER: Attribute-based access control
Confidential Services Inc. is a military-support branch consisting of 1,400 computers
with Internet access and 250 servers. All employees are required to have security
clearances. From the options listed below, what access control model would be most
appropriate for this organization? - ANSWER: Mandatory access control
What is information security? - ANSWER: Protecting information and information
systems from unauthorized access, use, disclosure, disruption, modification, or
destruction.
Using the concept of defense in depth we can protect ourselves against someone
using a USB flash drive to remove confidential data from an office space within our
building. - ANSWER: True
Select the example(s) of identity verification. (Choose all that apply.) - ANSWER: SSN,
Passport, Birth certificate
Multifactor authentication is the use of more than one authentication method to
access an information system. - ANSWER: True
Which password below would meet complexity standards? - ANSWER:
!Q@S#z6ge7Uks1lw3
What is accountability comprised of? - ANSWER: Authorization, Authentication,
Identification, Access
What document do courts require for admissibility of records? - ANSWER: Chain of
custody
An employee is charged with fraud, and the company can prove in court that there
are email transactions showing that the employee completed these using a digital
signature. What term is being described? - ANSWER: Nonrepudiation
What is auditing? - ANSWER: The primary means to ensure accountability through
technical means
What are the two common forms of assessments performed on networks? (Choose
all that apply.) - ANSWER: Penetration test, Vulnerability assessment
_______ provides us with the means to trace activities in our environment back to
their source. - ANSWER: Accountability
Nessus is an example of a(n) _______________ tool. - ANSWER: Vulnerability
scanning
A surveillance video log contains a record, including the exact date and time, of an
individual gaining access to his company's office building after hours. He denies that
he was there during that time, but the existence of the video log proves otherwise.
What benefit of accountability does this example demonstrate? - ANSWER:
Nonrepudiation
What process ensures compliance with applicable laws, policies, and other bodies of
administrative control, and detects misuse? - ANSWER: Auditing
Your organization's network was recently the target of an attack. Fortunately, the
new system you installed took action and refused traffic from the source before you
even had a chance to respond. What system did you install? - ANSWER: An intrusion
prevention system
The act of scrambling plain text into ciphertext is known as ________. - ANSWER:
Encryption
A strong hash function is designed so that a message cannot be forged that will
result in the same hash as a legitimate message. - ANSWER: True