WGU D430 Fundamentals of Information Security
Study online at https://quizlet.com/_dx6gke
1. Define the confidentiality in the CIA triad.: Our ability to protect data from those
who are not authorized to view it.
2. Examples of confidentiality: A patron using an ATM card wants to keep their
PIN number confidential.
An ATM owner wants to keep bank account numbers confidential.
3. How can confidentiality be broken?: Losing a laptop
An attacker gets access to info
A person can look over your shoulder
4. Define integrity in the CIA triad.: The ability to prevent people from changing
your data and the ability to reverse unwanted changes.
5. How do you control integrity?: Permissions restrict what users can do (read,
write, etc.)
6. Examples of integrity: Data used by a doctor to make medical decisions needs
to be correct or the patient can die.
7. Define the availability in the CIA triad.: Our data needs to be accessible when
we need it.
8. How can availability be broken?: Loss of power, application problems. If caused
by an attacker, this is a Denial of Service attack.
9. Define information security.: The protection of information and information
systems from unauthorized access, use, disclosure, disruption, modification, or
destruction in order to provide confidentiality, integrity, and availability.
10. Define the Parkerian Hexad and its principles.: The Parkerian Hexad includes
confidentiality, integrity, and availability from the CIA triad. It also includes posses-
sion (or control), authenticity, and utility.
11. Authenticity: Whether the data in question comes from who or where it says it
comes from (i.e. did this person actually send this email?)
12. Confidentiality is affected by what type of attack?: Interception (eaves drop-
ping)
13. Integrity is affected by what type of attacks?: Interruption (assets are unus-
able), modification (tampering with an asset), fabrication (generating false data)
14. Authenticity is affected by what type of attacks?: Interruption (assets are
unusable), modification (tampering with an asset), fabrication (generating false data)
15. Utility: How useful the data is to you (can be a spectrum, not just yes or no)
16. Possession: Do you physically have the data in question? Used to describe the
scope of a loss
17. Identify the four types of attacks: interception, interruption, modification, and
fabrication
18. Interception attacks: Make your assets unusable or unavailable
1/6
, WGU D430 Fundamentals of Information Security
Study online at https://quizlet.com/_dx6gke
19. Interruption attacks: cause assets to become unusable or unavailable for our
use, on a temporary or permanent basis
20. Modification attacks: Tampering with an asset
21. Fabrication attacks: Generating data, process, and communications
22. Define the risk management process: 1. Identify assets
2. Identify threats
3. Assess vulnerabilities
4. Assess risks
5. Mitigate risks
23. Define the incident response process and its stages.: Preparation
Detection and analysis
Containment
Eradication
Recovery
24. Preparation in incident response: creating policies and procedures
25. Detection in incident response: Using tools and humans to decide if an
incident is an incident
26. Defense in Depth: employing multiple layers of controls to avoid a single point
of failure
27. Identify types of controls to mitigate risk: physical, logical, administrative
28. Identify elements of risk management in policies and procedures.: Devel-
opment of robust policies
Identification of emergent recent
Identify elements of internal weakness
29. Identify the layers of a defense-in-depth strategy.: External network
Internal network
Host
Application
Data
30. Define identification: The claim of who we/networks are
31. Define identity verification.: Someone claims who they are and you take it one
step father and ask for ID
32. Define authentication: A set of methods used to determine if a claim of identity
is true.
33. Compare authentication types.: Multifactor authentication
Mutual authentication
2/6
Study online at https://quizlet.com/_dx6gke
1. Define the confidentiality in the CIA triad.: Our ability to protect data from those
who are not authorized to view it.
2. Examples of confidentiality: A patron using an ATM card wants to keep their
PIN number confidential.
An ATM owner wants to keep bank account numbers confidential.
3. How can confidentiality be broken?: Losing a laptop
An attacker gets access to info
A person can look over your shoulder
4. Define integrity in the CIA triad.: The ability to prevent people from changing
your data and the ability to reverse unwanted changes.
5. How do you control integrity?: Permissions restrict what users can do (read,
write, etc.)
6. Examples of integrity: Data used by a doctor to make medical decisions needs
to be correct or the patient can die.
7. Define the availability in the CIA triad.: Our data needs to be accessible when
we need it.
8. How can availability be broken?: Loss of power, application problems. If caused
by an attacker, this is a Denial of Service attack.
9. Define information security.: The protection of information and information
systems from unauthorized access, use, disclosure, disruption, modification, or
destruction in order to provide confidentiality, integrity, and availability.
10. Define the Parkerian Hexad and its principles.: The Parkerian Hexad includes
confidentiality, integrity, and availability from the CIA triad. It also includes posses-
sion (or control), authenticity, and utility.
11. Authenticity: Whether the data in question comes from who or where it says it
comes from (i.e. did this person actually send this email?)
12. Confidentiality is affected by what type of attack?: Interception (eaves drop-
ping)
13. Integrity is affected by what type of attacks?: Interruption (assets are unus-
able), modification (tampering with an asset), fabrication (generating false data)
14. Authenticity is affected by what type of attacks?: Interruption (assets are
unusable), modification (tampering with an asset), fabrication (generating false data)
15. Utility: How useful the data is to you (can be a spectrum, not just yes or no)
16. Possession: Do you physically have the data in question? Used to describe the
scope of a loss
17. Identify the four types of attacks: interception, interruption, modification, and
fabrication
18. Interception attacks: Make your assets unusable or unavailable
1/6
, WGU D430 Fundamentals of Information Security
Study online at https://quizlet.com/_dx6gke
19. Interruption attacks: cause assets to become unusable or unavailable for our
use, on a temporary or permanent basis
20. Modification attacks: Tampering with an asset
21. Fabrication attacks: Generating data, process, and communications
22. Define the risk management process: 1. Identify assets
2. Identify threats
3. Assess vulnerabilities
4. Assess risks
5. Mitigate risks
23. Define the incident response process and its stages.: Preparation
Detection and analysis
Containment
Eradication
Recovery
24. Preparation in incident response: creating policies and procedures
25. Detection in incident response: Using tools and humans to decide if an
incident is an incident
26. Defense in Depth: employing multiple layers of controls to avoid a single point
of failure
27. Identify types of controls to mitigate risk: physical, logical, administrative
28. Identify elements of risk management in policies and procedures.: Devel-
opment of robust policies
Identification of emergent recent
Identify elements of internal weakness
29. Identify the layers of a defense-in-depth strategy.: External network
Internal network
Host
Application
Data
30. Define identification: The claim of who we/networks are
31. Define identity verification.: Someone claims who they are and you take it one
step father and ask for ID
32. Define authentication: A set of methods used to determine if a claim of identity
is true.
33. Compare authentication types.: Multifactor authentication
Mutual authentication
2/6
