Systems Security Exam Questions and Verified Correct Answers, Graded A+, Latest, 100% Guaranteed Pass
Kerberos - CORRECT ANSWER-A single sign-on technology built around a key distribution center (KDC)
made up of an authentication server and a ticket-granting server. After a one-time authentication of
their credentials, users receive a ticket-granting ticket (TGT), which is exchanged for time-limited
session (service) tickets that grant access to authorized resources without re-entering credentials
logical access control - CORRECT ANSWER-Electronic hardware or software that limits users'
access to only the resources to which they have been given authorization
logical/technical controls - CORRECT ANSWER-Electronic hardware or software controls that are
placed in a network to mitigate risk
mandatory access control - CORRECT ANSWER-An access control methodology that requires both the
subject and the object to be assigned a security label (for example, a classification level plus
need-to-know categories). During an access request the labels are "mediated," that is, compared by a
reference monitor, the component of the trusted computing base (TCB) that enforces the policy; the
subject cannot change the labels or override the decision. For instance, a subject cleared top-secret
requesting an object labeled top-secret is granted access only when the mediating system confirms that
the subject's label dominates the object's label. In less critical systems, discretionary access control
using an access control list may be used instead
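The label mediation described above, as an added example that is not part of the original glossary: a toy reference monitor in which subjects and objects both carry a label (level plus categories) and every read or write is decided by comparing the two labels. The read/write rules follow the Bell-LaPadula model, and the sample principals, objects and level names are constructed for illustration.

```python
"""Toy reference monitor for label-based mandatory access control.

Added example, not from the original glossary. Both subjects and objects
carry a label (sensitivity level plus need-to-know categories) and every
access is mediated by comparing the two labels; the subject never decides
for itself. The read/write rules follow the Bell-LaPadula model, a
hypothetical policy choice for this example.
"""
from dataclasses import dataclass, field
from typing import FrozenSet

# Ordered sensitivity levels; a higher number dominates a lower one.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True if this label is at least as high and covers all of other's categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def mediate(subject: Label, obj: Label, action: str) -> bool:
    """Reference-monitor decision: the only place labels are compared."""
    if action == "read":
        # Simple security property: no read up.
        return subject.dominates(obj)
    if action == "write":
        # *-property: no write down (an object may not receive data
        # from a subject whose label it does not dominate).
        return obj.dominates(subject)
    raise ValueError(f"unknown action {action!r}")


# Constructed sample principals and objects (hypothetical).
ANALYST = Label("secret", frozenset({"crypto"}))
CRYPTO_REPORT = Label("confidential", frozenset({"crypto"}))
NUCLEAR_MEMO = Label("confidential", frozenset({"nuclear"}))
WAR_PLAN = Label("top-secret", frozenset({"crypto", "nuclear"}))


def demo() -> dict:
    """Run the sample decisions; returns a dict so the results can be checked."""
    return {
        "analyst_reads_crypto_report": mediate(ANALYST, CRYPTO_REPORT, "read"),
        "analyst_reads_nuclear_memo": mediate(ANALYST, NUCLEAR_MEMO, "read"),
        "analyst_reads_war_plan": mediate(ANALYST, WAR_PLAN, "read"),
        "analyst_writes_war_plan": mediate(ANALYST, WAR_PLAN, "write"),
        "analyst_writes_crypto_report": mediate(ANALYST, CRYPTO_REPORT, "write"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

Note that the category check is what makes the nuclear memo unreadable even though its level is below the analyst's clearance: in MAC the level and the compartments are mediated together, and the subject has no discretionary path around the decision.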
multifactor authentication - CORRECT ANSWER-A type of authentication in which more than one
independent authentication technique is used to verify a user's identity. Multifactor authentication
must use at least two of the following categories: something you know, something you are, or
something you have. Two techniques from the same category (for example, a password plus a PIN) do
not qualify as multifactor
object - CORRECT ANSWER-Any resource, such as a database, application, file, or device, that is
accessed by a subject. The object is passive and is acted upon by a subject; the subject is the
active party
penetration test - CORRECT ANSWER-An authorized, simulated attack against a system, network, or
application, performed under agreed rules of engagement to identify and demonstrate exploitable
vulnerabilities
role-based access control - CORRECT ANSWER-Grouping individuals with similar job functions into
roles and assigning permissions to the roles rather than to individuals, so that every member of a
role is authorized to the same system resources
rule-based access control - CORRECT ANSWER-A control that grants or denies access based on preset
rules, such as locking users out of the system during the weekend, locking an account after a
predetermined number of failed login attempts, or terminating a session after a predetermined period
of inactivity
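The two models above combined into one authorization decision, as an added example that is not part of the original glossary: permissions are attached to roles and users are assigned roles (role-based), and preset rules for weekend lockout, failed-login lockout and inactivity timeout are evaluated before the role check (rule-based). The role names, permission strings, users and thresholds are hypothetical.

```python
"""Authorization pipeline combining role-based and rule-based access control.

Added example, not from the original glossary. Permissions are attached to
roles and users are assigned roles (RBAC); before the role check, preset
rules deny access on weekends, after too many failed logins, or after
session inactivity (rule-based). Role names, permission strings, users and
thresholds are hypothetical.
"""
from datetime import datetime, timedelta
from typing import Dict, Set, Tuple

# RBAC: role -> permissions, user -> roles. Users never hold permissions directly.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"read:alerts", "read:logs"},
    "admin": {"read:alerts", "read:logs", "write:rules", "manage:users"},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"analyst"}, "bob": {"admin"}}

# Rule-based thresholds (hypothetical policy values).
MAX_FAILED_LOGINS = 5
INACTIVITY_LIMIT = timedelta(minutes=15)


def role_check(user: str, permission: str) -> bool:
    """RBAC: does any of the user's roles carry the permission?"""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def rule_check(user: str, now: datetime, last_activity: datetime,
               failed_logins: Dict[str, int]) -> Tuple[bool, str]:
    """Rule-based: preset conditions that deny access regardless of role."""
    if now.weekday() >= 5:                      # Saturday=5, Sunday=6
        return False, "weekend lockout"
    if failed_logins.get(user, 0) >= MAX_FAILED_LOGINS:
        return False, "account locked after failed logins"
    if now - last_activity > INACTIVITY_LIMIT:
        return False, "session timed out"
    return True, "ok"


def authorize(user: str, permission: str, now: datetime, last_activity: datetime,
              failed_logins: Dict[str, int]) -> Tuple[bool, str]:
    """Deny if any rule fires; otherwise fall through to the role check."""
    allowed, reason = rule_check(user, now, last_activity, failed_logins)
    if not allowed:
        return False, reason
    if not role_check(user, permission):
        return False, "role lacks permission"
    return True, "granted"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenarios; 2024-01-08 is a Monday, 2024-01-13 a Saturday."""
    monday = datetime(2024, 1, 8, 10, 0)
    saturday = datetime(2024, 1, 13, 10, 0)
    stale = monday - timedelta(minutes=20)
    return {
        "analyst_reads_logs": authorize("alice", "read:logs", monday, monday, {}),
        "analyst_writes_rules": authorize("alice", "write:rules", monday, monday, {}),
        "admin_writes_rules": authorize("bob", "write:rules", monday, monday, {}),
        "admin_locked_out": authorize("bob", "write:rules", monday, monday, {"bob": 5}),
        "admin_on_weekend": authorize("bob", "read:logs", saturday, saturday, {}),
        "admin_idle_session": authorize("bob", "read:logs", monday, stale, {}),
        "unknown_user": authorize("mallory", "read:logs", monday, monday, {}),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

The ordering matters in practice: rules are evaluated first so that a locked or expired account is denied even when its role would permit the action, and an unknown user falls through to a deny because no role maps to the permission.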
single-factor authentication - CORRECT ANSWER-An authentication method in which only one
means of authentication is required, such as a password. Single-factor authentication would
require one of the following: something you know, something you are, or something you have
something you are - CORRECT ANSWER-An authentication factor based on biometric measurement (for
example, fingerprint, iris, face, or voice) that determines whether a physical or behavioral attribute
matches a template on file
something you have - CORRECT ANSWER-An authentication factor based upon the possession
of an item such as a token device, key card, smart card, or hardware device
something you know - CORRECT ANSWER-An authentication factor based upon knowledge of information
such as a password, PIN code, or passphrase
somewhere you are - CORRECT ANSWER-An authentication factor based upon geographic or network
location, such as a GPS coordinate or an identified network or system (for example, a known corporate
IP address range). It is usually treated as a supplementary factor alongside the three primary ones.
accreditation - CORRECT ANSWER-Formal acceptance by management that a system or
application has been certified and may be placed into operation.
baseline - CORRECT ANSWER-An established standard of normal or expected activity against which
other activity is measured, so that deviations can be detected.
breach - CORRECT ANSWER-An incident in which data is accessed, disclosed, or exfiltrated by an
unauthorized party. The data need not be released to the public for the incident to be a breach.
business impact analysis (BIA) - CORRECT ANSWER-Identification and prioritization of business
functions and the systems that support them, together with an analysis of the operational and
financial impact their disruption would have over time. The BIA produces the recovery objectives,
such as the recovery point objective, used in continuity planning.
change control - CORRECT ANSWER-A methodology and formalized structure of presenting,
analyzing, authorizing, and recording changes to systems and applications.
input validation - CORRECT ANSWER-Actions taken to verify that data entering a system conforms to
the expected type, length, format, and range before it is processed, preferably by checking against
an allowlist of acceptable values rather than by blocking known-bad input.
mobile code - CORRECT ANSWER-Software that is transmitted across a network from a remote system and
executed on the receiving device, often without user intervention or knowledge; examples include
JavaScript, Java applets, and ActiveX controls.
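The input validation entry above in working form, as an added example that is not part of the original glossary: each field of a small request is checked against an allowlist of what is expected (type, length, character set, numeric range), unknown fields are rejected, and nothing is "cleaned up" on the caller's behalf. The field set and the rules are hypothetical.

```python
"""Allowlist input validation for a small request structure.

Added example, not from the original glossary. Each field is checked
against what is expected (type, length, character set, numeric range) and
anything unexpected, including unknown fields, is rejected outright rather
than sanitized. The field set and the rules are hypothetical.
"""
import re
from typing import Any, Dict, List, Tuple

# Anchored allowlists. re.fullmatch is used instead of '$' so that a trailing
# newline such as "alice\n" cannot slip through ('$' matches before a final newline).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
HOSTNAME_LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

MAX_HOSTNAME_LEN = 253
EXPECTED_FIELDS = {"username", "hostname", "port"}


def validate_username(value: Any) -> str:
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("must be 3-32 chars of a-z, 0-9, '_', starting with a letter")
    return value


def validate_hostname(value: Any) -> str:
    if not isinstance(value, str) or not 1 <= len(value) <= MAX_HOSTNAME_LEN:
        raise ValueError("hostname missing or too long")
    labels = value.lower().split(".")
    if not all(HOSTNAME_LABEL_RE.fullmatch(label) for label in labels):
        raise ValueError("hostname contains an invalid label")
    return ".".join(labels)


def validate_port(value: Any) -> int:
    # Accept only an int or a plain decimal string; reject "0x50", " 80", "80.0", True.
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValueError("port must be an integer")
    if isinstance(value, str):
        if not re.fullmatch(r"[0-9]{1,5}", value):
            raise ValueError("port must be a decimal number")
        value = int(value)
    if not 1 <= value <= 65535:
        raise ValueError("port out of range 1-65535")
    return value


VALIDATORS = {"username": validate_username, "hostname": validate_hostname, "port": validate_port}


def validate_request(data: Dict[str, Any]) -> Tuple[Dict[str, Any], List[str]]:
    """Return (clean_data, errors); clean_data is empty unless errors is empty."""
    errors: List[str] = []
    clean: Dict[str, Any] = {}
    for extra in sorted(set(data) - EXPECTED_FIELDS):
        errors.append(f"unexpected field: {extra}")
    for name in sorted(EXPECTED_FIELDS):
        if name not in data:
            errors.append(f"missing field: {name}")
            continue
        try:
            clean[name] = VALIDATORS[name](data[name])
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
    return ({}, errors) if errors else (clean, [])


if __name__ == "__main__":
    # Constructed sample requests: one well-formed, one carrying a shell metacharacter payload.
    print(validate_request({"username": "alice", "hostname": "Scanner.Example.COM", "port": "443"}))
    print(validate_request({"username": "alice; rm -rf /", "hostname": "h", "port": "70000"}))
```

All errors are collected rather than stopping at the first one, which is convenient for the caller, but the validated dictionary is only returned when every field passed: partial acceptance is how a rejected field ends up being used anyway.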
recovery controls - CORRECT ANSWER-Controls put in place to return the environment to the
way it was prior to an incident.
recovery point objective (RPO) - CORRECT ANSWER-The maximum acceptable amount of data loss after an
incident, expressed as the point in time to which data must be restored; it dictates how frequently
backups or replication must run. (The time by which an application or department must be back online
and operating is the recovery time objective, RTO, not the RPO.)