WGU C725 Information Security and Assurance SET II Questions and Answers (2022/2023) (Verified Answers)

  • September 30, 2022
WGU C725 Information Security and Assurance SET II


1. After determining the potential attack concepts, the next step in threat
modeling is to perform ______ analysis. ______ analysis
is also known as decomposing the application, system, or environment.
The purpose of this task is to gain a greater understanding of the logic of
the product as well as its interactions with external elements. Also known
as decomposing the application: answer Reduction analysis


Whether an application, a system, or an entire environment, it needs
to be divided into smaller containers or compartments. Those might be
subroutines, modules, or objects if you're focusing on software,
computers, or operating systems; they might be protocols if you're
focusing on systems or networks; or they might be departments,
tasks, and networks if you're focusing on an entire business
infrastructure. Each identified sub-element should be evaluated in
order to understand inputs, processing, security, data management,
storage, and outputs.

2. Trust Boundaries, Data Flow Paths, Input Points, Privileged
Operations, Details about Security Stance and Approach: answer The
Five Key Concepts in the Decomposition process.

3. In the decomposition process, any location where the level of trust
or security changes: answer Trust Boundaries

4. In the decomposition process, the movement of data between locations:
answer Data Flow Paths

5. In the decomposition process, locations where external input is
received: answer Input Points

6. In the decomposition process, any activity that requires greater
privileges than those of a standard user account or process, typically required to
make system changes or alter security: answer Privileged Operations

7. In the decomposition process, the declaration of the security policy,
security foundations, and security assumptions: answer Details about
Security Stance and Approach

8. The concept that most computers, devices, networks, and systems are
not built by a single entity: answer supply chain

9. T or F: When evaluating a third party for your security integration, you should
consider the following processes: On-Site Assessment, Document
Exchange and Review, Process/Policy Review, Third-Party Audit: answer
True






When engaging third-party assessment and monitoring services, keep
in mind that the external entity needs to show security-mindedness in
their business operations.
If an external organization is unable to manage their own internal
operations on a secure basis, how can they provide reliable security
management functions for yours?

10. Investigate the means by which datasets and documentation are
exchanged as well as the formal processes by which they perform
assessments and reviews.: Document Exchange and Review

11. Visit the site of the organization to interview personnel and observe
their operating habits.: On-Site Assessment

12. Request copies of their security policies, processes/procedures, and
documentation of incidents and responses for review.: Process/Policy
Review

13. Having an independent third-party auditor, as defined by the American
Institute of Certified Public Accountants (AICPA), can provide an unbiased
review of an entity's security infrastructure, based on Service Organization
Control (SOC) reports. Statement on Standards for Attestation
Engagements (SSAE) is a regulation that defines how service organizations
report on their compliance using the various SOC reports. The SSAE 16
version of the regulation, effective June 15, 2011, was replaced by SSAE 18
as of May 1, 2017. The SOC1 and SOC2 auditing frameworks are worth
considering for the purpose of a security assessment. The SOC1 audit focuses

Stuvia is a marketplace, so you are not buying this document from us, but from seller Labsolution. Stuvia facilitates payment to the seller.
