WGU D430 FUNDAMENTALS OF INFORMATION SECURITY
EXAM OBJECTIVE ASSESSMENT NEWEST 2024 TEST BANK
ACTUAL EXAM 300 QUESTIONS AND CORRECT DETAILED
ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A+
1.Information Security ..ANSWER..Protecting information and
information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.
2.When is infromation insecure ..ANSWER..Not applying
security patches or updates to your system, using weak
passwords, downloading programs from the internet, opening
email attachments with unknown senders, using wireless
networks without encryption
3.Federal Information Security Management Act (FISMA)
..ANSWER..Defines security standards for many federal
agencies in the USA
4.CIA Triad ..ANSWER..Confidentiality, Integrity, Availability
5.Confidentiality ..ANSWER..the assurance that messages and
information are available only to those who are authorized to
view them
5.Integrity ..ANSWER..Ability to prevent people from changing
your data in a unauthorized or undesirable manner
6.availability ..ANSWER..Security actions that ensure that data
is accessible to authorized users.
7.DoS ..ANSWER..Denial of Service
1|Page
,8.Parkerian Hexad ..ANSWER..A model that adds three more
principles to the CIA triad: possession or control, utility, and
authenticity
9.Parkerian Hexad- Authenticity ..ANSWER..allows you to
specify whether you have correctly assigned a specific data to
its legitimate owner or author
10.Parkerian Hexad- Utility ..ANSWER..Refers to how useful the
data is to us. Non binary
11.Parkerian Hexad - Possesion or Control ..ANSWER..Refers to
the physical disposition of the media in which the data is stored
12.Types of Attacks ..ANSWER..Interception, Interruption,
Modification, Fabrication. Each category can affect one or more
of the CIA triad
13.Interception Attacks ..ANSWER..Allow unauthorized users to
access our data, applications, or environments, and are
primarily an attack against confidentiality.
14.Data at Rest ..ANSWER..Data that is stored and is not in the
process of being moved
15.Data in Motion ..ANSWER..Data that is moving over a WAN
or LAN, a wireless network, over the internet, or in other ways
16.Data in Use ..ANSWER..Any data currently being used by a
computer. Because the computer needs to process the data, it
is not encrypted while in use.
2|Page
,17.Interruption Attack ..ANSWER..Make your assets unusable
or unavailable to you on a temporary or permanent basis. Can
affect availability and Integrity. DoS is an example
18.Modification Attack ..ANSWER..An attack that involves
tampering with our assets. Primarily affects integrity but can
affect availability as well.
19.Fabrication Attack ..ANSWER..An attack that involves
generating data, processes, communications, or other similar
activities with a system. Affects primarily integrity and
availability
20.Risk Management ..ANSWER..Identify assets, identify
threats, assess vulnerabilities, assess risk, mitigate risks
21.Physical Controls ..ANSWER..Protects the physical
environment in which your system sits, or where your data is
stored. Also controls access in and out of such environments.
Implemented with technology you can touch
22.logical controls (technical controls) ..ANSWER..Protect the
systems, networks, and environments that process, transmit,
and store our data. Includes: Passwords, encryptions, firewalls.
Implemented through technological means
23.Administrative Controls ..ANSWER..Based on rules, laws,
policies, guidelines, and other items that are "paper" in nature.
Dictate how the user of the environment should behave.
3|Page
, 24.Incident Response..ANSWER..Preparation
Detection & Analysis
Containment, Eradication, & Recovery
Post-Incident Activity
25.Incident Response - Preparation ..ANSWER..Creating policies
and procedures that govern incident response, as well as
handling and conducting training and education.
26.Incident Response - Detection & Analysis ..ANSWER..In this
phase you detect an issue, decide whether it is an incident, and
respond to it appropriately.
27.Incident Response - Containment, Eradication, & Recovery
..ANSWER..Containment: Taking steps to ensure that the
situation doesn't cause more damage than it already has
Eradication: This will be the attempt to remove the effects of
the issue from the environment
Recovery: Involves restoring devices or data from backup
media, rebuilding systems, or reloading applications. The goal is
to recover to a better state than prior to incident
28.Incident Response - Post-Incident Activity
..ANSWER..Determine what happened, why it happened, and
what can be done to stop it from happening again
4|Page
EXAM OBJECTIVE ASSESSMENT NEWEST 2024 TEST BANK
ACTUAL EXAM 300 QUESTIONS AND CORRECT DETAILED
ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A+
1.Information Security ..ANSWER..Protecting information and
information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.
2.When is infromation insecure ..ANSWER..Not applying
security patches or updates to your system, using weak
passwords, downloading programs from the internet, opening
email attachments with unknown senders, using wireless
networks without encryption
3.Federal Information Security Management Act (FISMA)
..ANSWER..Defines security standards for many federal
agencies in the USA
4.CIA Triad ..ANSWER..Confidentiality, Integrity, Availability
5.Confidentiality ..ANSWER..the assurance that messages and
information are available only to those who are authorized to
view them
5.Integrity ..ANSWER..Ability to prevent people from changing
your data in a unauthorized or undesirable manner
6.availability ..ANSWER..Security actions that ensure that data
is accessible to authorized users.
7.DoS ..ANSWER..Denial of Service
1|Page
,8.Parkerian Hexad ..ANSWER..A model that adds three more
principles to the CIA triad: possession or control, utility, and
authenticity
9.Parkerian Hexad- Authenticity ..ANSWER..allows you to
specify whether you have correctly assigned a specific data to
its legitimate owner or author
10.Parkerian Hexad- Utility ..ANSWER..Refers to how useful the
data is to us. Non binary
11.Parkerian Hexad - Possesion or Control ..ANSWER..Refers to
the physical disposition of the media in which the data is stored
12.Types of Attacks ..ANSWER..Interception, Interruption,
Modification, Fabrication. Each category can affect one or more
of the CIA triad
13.Interception Attacks ..ANSWER..Allow unauthorized users to
access our data, applications, or environments, and are
primarily an attack against confidentiality.
14.Data at Rest ..ANSWER..Data that is stored and is not in the
process of being moved
15.Data in Motion ..ANSWER..Data that is moving over a WAN
or LAN, a wireless network, over the internet, or in other ways
16.Data in Use ..ANSWER..Any data currently being used by a
computer. Because the computer needs to process the data, it
is not encrypted while in use.
2|Page
,17.Interruption Attack ..ANSWER..Make your assets unusable
or unavailable to you on a temporary or permanent basis. Can
affect availability and Integrity. DoS is an example
18.Modification Attack ..ANSWER..An attack that involves
tampering with our assets. Primarily affects integrity but can
affect availability as well.
19.Fabrication Attack ..ANSWER..An attack that involves
generating data, processes, communications, or other similar
activities with a system. Affects primarily integrity and
availability
20.Risk Management ..ANSWER..Identify assets, identify
threats, assess vulnerabilities, assess risk, mitigate risks
21.Physical Controls ..ANSWER..Protects the physical
environment in which your system sits, or where your data is
stored. Also controls access in and out of such environments.
Implemented with technology you can touch
22.logical controls (technical controls) ..ANSWER..Protect the
systems, networks, and environments that process, transmit,
and store our data. Includes: Passwords, encryptions, firewalls.
Implemented through technological means
23.Administrative Controls ..ANSWER..Based on rules, laws,
policies, guidelines, and other items that are "paper" in nature.
Dictate how the user of the environment should behave.
3|Page
, 24.Incident Response..ANSWER..Preparation
Detection & Analysis
Containment, Eradication, & Recovery
Post-Incident Activity
25.Incident Response - Preparation ..ANSWER..Creating policies
and procedures that govern incident response, as well as
handling and conducting training and education.
26.Incident Response - Detection & Analysis ..ANSWER..In this
phase you detect an issue, decide whether it is an incident, and
respond to it appropriately.
27.Incident Response - Containment, Eradication, & Recovery
..ANSWER..Containment: Taking steps to ensure that the
situation doesn't cause more damage than it already has
Eradication: This will be the attempt to remove the effects of
the issue from the environment
Recovery: Involves restoring devices or data from backup
media, rebuilding systems, or reloading applications. The goal is
to recover to a better state than prior to incident
28.Incident Response - Post-Incident Activity
..ANSWER..Determine what happened, why it happened, and
what can be done to stop it from happening again
4|Page
