Information Security FINAL EXAM (QUESTIONS AND DETAILED ANSWERS) ALREADY GRADED A+
Information security - ANSWER Keeping data, software, and
hardware secure against unauthorized access, use, disclosure,
disruption, modification, or destruction.
Compliance - ANSWER The requirements that are set forth by laws and industry regulations. Examples: HIPAA/HITECH for healthcare, PCI DSS for the payment card industry, FISMA for federal government agencies.
CIA - ANSWER The core model of all information security: confidentiality, integrity and availability.
Confidentiality - ANSWER Allowing only those authorized to access the data requested.
Integrity - ANSWER Keeping data unaltered by accidental or malicious intent.
Block Cipher - ANSWER An encryption method that encrypts data in fixed-size blocks. Block size is 64 bits.
Stream Cipher - ANSWER An encryption method that encrypts
data as a stream of bits or bytes. One bit at a time.
DES - ANSWER A block cipher based on symmetric key cryptography that uses a 56-bit key. It was once considered very secure, but that is no longer the case.
3DES - ANSWER Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.
AES - ANSWER A set of symmetric block ciphers endorsed by the US government through NIST. It is used by a variety of organizations and is the replacement for DES as the standard encryption for the US government. It uses three different ciphers: one with a 128-bit key, one with a 192-bit key and one with a 256-bit key.
Symmetric block cipher programs - ANSWER Twofish, Serpent, Blowfish, CAST5, IDEA
Stream cipher programs - ANSWER RC4, ORYX, and SEAL
Elliptic Curve Cryptography (ECC) - ANSWER A type of
public key cryptosystem that requires a shorter key length than
many other cryptography systems (including the de facto
industry standard, RSA).
Protecting data at rest - ANSWER Data is at rest when it is on a storage device of some kind and is not moving over a network or a protocol.
Availability - ANSWER The ability to access data when needed
Parkerian hexad model - ANSWER Confidentiality, integrity, availability, possession/control, authenticity, utility
Possession/control - ANSWER Refers to the physical disposition of the media on which the data is stored.
Authenticity - ANSWER Allows us to talk about the proper attribution as to the owner or creator of the data in question.
Utility - ANSWER How useful the data is to us.
Types of attacks - ANSWER 1- interception
2- interruption
3- modification
4- fabrication
Interception - ANSWER Attacks that allow unauthorized users to access our data, applications, or environments. They are primarily an attack against confidentiality.
Interruption - ANSWER Attacks that cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. These attacks affect availability but can also attack integrity.
Modification - ANSWER Attacks that involve tampering with our asset. Such attacks might primarily be considered an integrity attack, but could also be an availability attack.
Fabrication - ANSWER Attacks that involve generating data, processes, communications, or other similar activities with a system. Such attacks primarily affect integrity but can also be considered an availability attack.
Risk - ANSWER The likelihood that a threat will occur. There must be both a threat and a vulnerability.
Threat - ANSWER Any event, whether man-made, natural or environmental, that could damage the assets.
Vulnerabilities - ANSWER A weakness that a threat, or a threat event, can take advantage of.