WGU C845-INFORMATION SYSTEMS SECURITY MIDTERM 2025/2026 FINAL
CERTIFICATION EXAM CURRENTLY TESTING RATIONALES GRADED A+
Data-level access control
Specifically deals with protecting data in any of its three states
The Three States of Data
In Process, In Transit, At Rest
External Data and Media Access Controls
Offsite Commercial Storage
Formal Access Policy
Data Retention Period
Media Destruction Policy
Accountability
The result of a strong identification and authentication system.
Assurance of Accountability
The guarantee that the user or subject has been proven to be who they say they are.
Trust Architecture
A relationship that is established between domains that allows users in one domain access
to shared resources that are contained in another domain based upon authentication and
authorization
Trust
A logical relationship between domains that utilizes an authentication process that verifies
the identity of the user and an authorization process that determines the rights and
privileges the user is granted on the resource domain
Trusted Domain
Contains the user requesting access to a resource in another domain; the user's domain
Trusting Domain
Contains the resource to which access is desired; also called the resource domain
Simple Trust Relationship
The user in a trusted domain requests access to a resource in the trusting domain. A
process is undertaken by the trusting domain to authenticate the user and determine the
permissions assigned or authorized to the user by the resource
Transitive Trust
Relationship where domain A trusts domain B and domain B trusts domain C, then A trusts
domain C
Decentralized Authentication
Every server or application is required to verify the identification and authentication of the
user requesting access
Single Sign-On
An identification and authentication technique whereby the user signs on one time and has
access to multiple applications. The user authenticates one time, and the system passes
this authentication to applications and other entities
Kerberos
All Microsoft Windows implementations after Windows 2000 use this as the default
authentication protocol.
Public Cloud
Hosted by cloud service providers and made available either as a free service or as a pay-
per-use service
Private Cloud
Hosted within an organization and the general public is restricted from access
Platform as a Service (PaaS)
Provides the user with a virtual computer. The user can install software and databases and
operate the system as if it were a purchased hardware device sitting on their desk.
Software as a Service (SaaS)
Makes available a software application that is hosted on a remote server and made
available on demand by the user
Infrastructure as a Service (IaaS)
The cloud provider supplies the capability of creating cloud-based networks utilizing
standard or virtualized networking components.
Cloud Vulnerabilities
Cloud Vendor Reliability
Data Clearing and Cleansing
Cloud Client Encroachment
Regulations and Jurisdiction