WGU Course C836 - Fundamentals of Information Security updated 2024.
______ ensures the protection of information, operations, and assets in federal government.
A SOX
B PCI DSS
C FERPA
D HIPAA
E FISMA - ANSWER-E
______ protects the customers of financial institutions.
A PCI DSS
B SOX
C FISMA
D FERPA
E GLBA - ANSWER-E
______ protects the privacy of students and their parents.
A PCI DSS
B FISMA
C HIPAA
D GLBA
E FERPA - ANSWER-E
______ regulates the financial practice and governance of corporations.
A FERPA
B HIPAA
C GLBA
D FISMA
E SOX - ANSWER-E
______ sets limits on the use and disclosure of patient information and grants individuals rights over
their own health records.
A HIPAA
B SOX
C GLBA
D FERPA
E PCI DSS - ANSWER-A
________ protects the privacy of students and their parents. Also grants certain rights to students
and parents regarding the student's own records. - ANSWER-The Family Educational Rights and
Privacy Act (FERPA)
________ provides a framework for ensuring the effectiveness of information security controls in
government. This legislation is intended to protect government information, operations, and assets
from any natural or manmade threat. This requires each federal agency to develop, document, and
implement an information security program to protect its information and information systems. -
ANSWER-The Federal Information Security Modernization Act (FISMA)
__________ requires privacy protections for individually identifiable health information, also known
as protected health information, or PHI. - ANSWER-Health Insurance Portability and Accountability
Act (HIPAA)
___________ attacks cause our assets to become unusable or unavailable for our use, on a
temporary or permanent basis. These attacks affect ____________, such as a DDoS attack, but can
be an attack on integrity as well. - ANSWER-Interruption; Availability
___________ protects the customers of financial institutions, essentially any company offering
financial products or services, financial or investment advice, or insurance. Requires financial
institutions to safeguard a consumer's "nonpublic personal information," or NPI. - ANSWER-The
Gramm-Leach-Bliley Act (GLBA)
___________ provides us with the means to trace activities in our environment back to their source.
A Accountability
B Authentication
C Access
D Nonrepudiation
E Authorization - ANSWER-A
_____________ are based on rules, laws, policies, procedures, guidelines, and other items that are
"paper" in nature. An example is one that requires us to change our password every 90 days. One
important concept when we discuss this type of control is the ability to enforce compliance with
them. If we do not have the authority or the ability to ensure that our controls are being complied
with, they are worse than useless, because they create a false sense of security. - ANSWER-Administrative Controls
_____________ is a popular, fully-featured sniffer capable of intercepting traffic from a wide variety
of wired and wireless sources.
A Hping3
B NetStumbler
C Wireshark
D Kismet - ANSWER-C
_____________ is a sniffer that specializes in detecting wireless devices.
A Kismet
B Wireshark
C NetStumbler
D Hping3 - ANSWER-A
_____________ is the next step taken after we have completed identification and authentication. -
ANSWER-Authorization
_____________ regulates the financial practice and governance of corporations and is designed to
protect investors and the general public by establishing requirements regarding reporting and
disclosure practices. - ANSWER-The Sarbanes-Oxley Act (SOX)
______________ attacks allow unauthorized users to access our data, applications, or environments,
and are primarily an attack against _______________ of the CIA triad. These attacks can take the form of
unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be
conducted against data at rest or in motion. - ANSWER-Interception; Confidentiality
_______________ attacks involve tampering with our asset. Such attacks might primarily be
considered an ______________ attack but could also represent an availability attack. If we access a
file in an unauthorized manner and alter the data it contains, we have affected the integrity of the
data contained in the file. However, if we consider the case where the file in question is a
configuration file that manages how a particular service behaves, perhaps one that is acting as a Web
server, we might affect the availability of that service by changing the contents of the file. - ANSWER-Modification; Integrity
________________ is a web-related technology used to develop web pages while ____________
refers to an attack where malicious code is embedded into the web page. - ANSWER-CSS; XSS
___________________ attacks involve generating data, processes, communications, or other similar
activities with a system. Primarily affects ____________ but could be considered an availability
attack as well. - ANSWER-Fabrication; Integrity
_____________ controls are those that protect the systems, networks, and environments that
process, transmit, and store our data. Common examples are: passwords, encryption, logical access
controls, firewalls, and intrusion detection systems. - ANSWER-Logical and Technical Controls
1 - Identification
2 - Authentication
3 - Authorization
4 - Access - ANSWER-Accountability
1 - Preparation