and Answers
CIA Triad - answer: Confidentiality, Integrity, Availability
Parkerian hexad - answer: Where the CIA triad consists of confidentiality, integrity, and availability,
the Parkerian hexad consists of these three principles, as well as possession or control,
authenticity, and utility.
Confidentiality - answer: Refers to our ability to protect our data from those who are not authorized
to view it.
Confidentiality can be compromised by the loss of a laptop containing data, a person looking over
our shoulder while we type a password, an e-mail attachment being sent to the wrong person, an
attacker penetrating our systems, or similar issues.
Integrity - answer: Refers to the ability to prevent our data from being changed in an unauthorized
or undesirable manner. This could mean the unauthorized change or deletion of our data or
portions of our data, or it could mean an authorized, but undesirable, change or deletion of our
data. To maintain integrity, we not only need to have the means to prevent unauthorized changes
to our data but also need the ability to reverse authorized changes that need to be undone.
Availability - answer: Refers to the ability to access our data when we need it. Loss of availability can
refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such
issues can result from power loss, operating system or application problems, network attacks,
compromise of a system, or other problems. When such issues are caused by an outside party,
such as an attacker, they are commonly referred to as a denial of service (DoS) attack.
Possession or Control - answer: Refers to the physical disposition of the media on which the data is
stored. This enables us, without involving other factors such as availability, to discuss our loss of
the data in its physical medium.
An example is data stored on multiple devices, where there could be numerous versions.
Authenticity - answer: Attribution as to the owner or creator of the data in question.
Authenticity can be enforced through the use of digital signatures.
Utility - answer: Refers to how useful the data is to us.
Interception - answer: Interception attacks allow unauthorized users to access our data,
applications, or environments and are primarily an attack against confidentiality. Interception
might take the form of unauthorized file viewing or copying, eavesdropping on phone
conversations, or reading e-mail, and can be conducted against data at rest or in motion. Properly
executed, interception attacks can be very difficult to detect.
Affects Confidentiality
Interruption - answer: Interruption attacks cause our assets to become unusable or unavailable for
our use, on a temporary or permanent basis. Interruption attacks often affect availability but can
be an attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this
as an availability attack.
Affects Integrity and Availability
Modification - answer: Modification attacks involve tampering with our asset. If we access a file in
an unauthorized manner and alter the data it contains, we have affected the integrity of the data
contained in the file.
Fabrication - answer: Fabrication attacks involve generating data, processes, communications, or
other similar activities with a system. Fabrication attacks primarily affect integrity but could be
considered an availability attack as well. If we generate spurious information in a database, this
would be considered to be a fabrication attack.
Affects Integrity and Availability
Threat - answer: Something that has potential to cause harm
Vulnerability - answer: Weaknesses that can be used to harm us
Risk - answer: Likeliness that something bad will happen
Impact - answer: The value of the asset is used to assess if a risk is present
Something you know - answer: Password or PIN
Something you are - answer: An authentication factor using biometrics, such as a fingerprint
scanner.
Something you have - answer: Authentication factor that relies on possession (FOB, Card, Cell
Phone, Key)
Something you do - answer: An authentication factor indicating action, such as gestures on a touch
screen.
Multifactor Authentication - answer: Uses one or more authentication methods for access
Mutual Authentication - answer: A security mechanism that requires that each party in a
communication verify its identity.
Can be combined with multifactor authentication.