WGU, Information Security and Assurance (C725), SET I 2024/2025 Questions and Answers
0 vue 0 fois vendu
Cours
Nursing education
Établissement
Nursing Education
WGU, Information Security and Assurance (C725), SET I 2024/2025 Questions and Answers
Information security is primarily a discipline to manage the behavior of _____.
A. Technology
B. People
C. Processes
D. Organizations
People
Careers in information security are booming because of which ...
WGU, Information Security and Assurance (C725), SET I
2024/2025 Questions and Answers
Information security is primarily a discipline to manage the behavior of _____.
A. Technology
B. People
C. Processes
D. Organizations
People
Careers in information security are booming because of which of the following
factors?
A. Threats of cyberterrorism
B. Government regulations
C. Growth of the Internet
D. All of these
All of these
A program for information security should include which of the following
elements?
A. Security policies and procedures
B. Intentional attacks only
C. Unintentional attacks only
D. None of these
Security policies and proceduresExplanation:
Answer A is correct. The Carnegie Melon Information Network Institute (INI) designed
programs to carry out multiple tasks including Information Security Policies.
The growing demand for InfoSec specialists is occurring predominantly in which
of the following types of organizations?
A. Government
B. Corporations
C. Not-for-profit foundations
D. All of these
D. All of these
The concept of the measures used to ensure the protection of the secrecy of
data, objects, or resources.
Confidentiality
A catchall safe rating for any box with a lock on it. This rating describes the
thickness of the steel used to make the lockbox. No actual testing is performed to
gain this rating.
B-Rate Safe Rating
This safe rating is defined as a variably thick steel box with a 1-inch-thick door
and a lock. No tests are conducted to provide this rating, either.
C-Rate Safe Rating
Safes with an Underwriters Laboratory rating that have passed standardized tests
as defined in Underwriters Laboratory Standard 687 using tools and an expert
,group of safe-testing engineers. The safe rating label requires that the safe be
constructed of 1-inch solid steel or equivalent. The label means that the safe has
been tested for a net working time of 15 minutes using "common hand tools,
drills, punches hammers, and pressure applying devices." Net working time
means that when the tool comes off the safe, the clock stops. Engineers exercise
more than 50 different types of attacks that have proven effective for
safecracking.
UL TL-15 Safe Rating
This Underwriters Laboratory rating testing is essentially the same as the TL-15
testing, except for the net working time. Testers get 30 minutes and a few more
tools to help them gain access. Testing engineers usually have a safe's
manufacturing blueprints and can disassemble the safe before the test begins to
see how it works.
UL TL-30 Safe Rating
Related to information security, confidentiality is the opposite of which of the
following?
A. Closure
B. Disclosure
C. Disaster
D. Disposal
B. Disclosure Explanation: Confidentiality models are primarily intended to ensure that
no unauthorized access to information is permitted and that accidental disclosure of
sensitive information is not possible.
Integrity models have which of the three goals:
A. Prevent unauthorized users from making modifications to data or programs
B. Prevent authorized users from making improper or unauthorized modifications
C. Maintain internal and external consistency of data and programs
D. All of these
D. All of these Explanation: Integrity models keep data pure and trustworthy by
protecting system data from intentional or accidental changes.
Information security professionals usually address which of these three common
challenges to availability:
A. Denial of service (DoS) due to intentional attacks or because of undiscovered
flaws in implementation (for example, a program written by a programmer who is
unaware of a flaw that could crash the program if a certain unexpected input is
encountered)
B. Loss of information system capabilities because of natural disasters (fires,
floods, storms, or earthquakes) or human actions (bombs or strikes)
C. Equipment failures during normal use.
D. All of these
D. All of theseExplanation:Availability models keep data and resources available for
authorized use, especially during emergencies or disasters.
, Which of the following represents the three goals of information security?
A. Confidentiality, integrity, and availability
B. Prevention, detection, and response
C. People controls, process controls, and technology controls
D. Network security, PC security, and mainframe security
A. Confidentiality, integrity, and availabilityExplanation:These goals form the
confidentiality, integrity, availability (CIA) triad, the basis of all security programs.
Usually a documented argument or stated position in order to define a need to
make a decision or take some form of action.
Business Case
A type of security management planning where upper, or senior, management is
responsible for initiating and defining policies for the organization.
Top-down approach
A type of security management planning where IT staff makes security decisions
directly without input from senior management. This approach is rarely used in
organizations and is considered problematic in the IT industry.
Bottom-up approach
This security plan is a long-term plan that is fairly stable. It defines the
organization's security purpose. It also helps to understand security function and
align it to the goals, mission, and objectives of the organization. It's useful for
about five years if it is maintained and updated annually. This plan also serves as
the planning horizon. Long-term goals and visions for the future are discussed
this plan. Thisplan should include a risk assessment.
Strategic Plan
This security plan is a midterm plan developed to provide more details on
accomplishing the goals set forth in the strategic plan or can be crafted ad hoc
based upon unpredicted events. This plan is typically useful for about a year and
often prescribes and schedules the tasks necessary to accomplish organizational
goals. Some examples of these plans are project plans, acquisition plans, hiring
plans, budget plans, maintenance plans, support plans, and system development
plans.
Tactical Plan
This security plan is a short-term, highly detailed plan based on the strategic and
tactical plans. It is valid or useful only for a short time. These plans must be
updated often (such as monthly or quarterly) to retain compliance with tactical
plans. These plans spell out how to accomplish the various goals of the
organization. They include resource allotments, budgetary requirements, staffing
assignments, scheduling, and step-by-step or implementation procedures. These
plans include details on how the implementation processes are in compliance
with the organization's security policy. Examples of these plans are training
plans, system deployment plans, and product design plans.
Operational Plan
Also called classification, the primary means by which data is protected based on
its need for secrecy, sensitivity, or confidentiality. It is the process of organizing
Les avantages d'acheter des résumés chez Stuvia:
Qualité garantie par les avis des clients
Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.
L’achat facile et rapide
Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.
Focus sur l’essentiel
Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.
Foire aux questions
Qu'est-ce que j'obtiens en achetant ce document ?
Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.
Garantie de remboursement : comment ça marche ?
Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.
Auprès de qui est-ce que j'achète ce résumé ?
Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur magdamwikash23. Stuvia facilite les paiements au vendeur.
Est-ce que j'aurai un abonnement?
Non, vous n'achetez ce résumé que pour $14.48. Vous n'êtes lié à rien après votre achat.