100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
Fundamentals of Information Security all Questions & answers solved accurately with Complete Solution Graded A+ latest version CA$18.81   Add to cart
Quickly navigate to
Preview
  2.  
  3. WGU C840
  4.  
  5. WGU C840
  6.  
  7. WGU C840

Exam (elaborations)

Fundamentals of Information Security all Questions & answers solved accurately with Complete Solution Graded A+ latest version
 0 view  0 purchase

Fundamentals of Information Security all Questions & answers solved accurately with Complete Solution Graded A+ latest version

Preview 4 out of 32  pages

Document information

  • July 6, 2024
  • 32
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers

Subjects

  • fundamentals of information security all questions

Written for

All documents for this subject (202)

Seller

avatar-seller
TUTORSON

Reviews received

Content preview

Fundamentals of Information Security
What is Information Security? - CORRECT ANSWER-Protecting information and
information systems from:
1. Unauthorized access,
2. use,
3. disclosure,
4. disruption,
5. modification, or
6. destruction.

logical assets - CORRECT ANSWER-assets that exists as data or intellectual property.

PCI DDS - CORRECT ANSWER-Payment Card Industry Data Security Standard

HIPAA - CORRECT ANSWER-Health Insurance Portability and Accountability Act of
1996

FISMA - CORRECT ANSWER-federal info security management act - US law requires
federal agencies to create, document and implement security program

CIA Triad - CORRECT ANSWER-Confidentiality, Integrity, Availability

model for discussing security concepts.

expressed in negative form as disclosure, alteration and denial (DAD)

Confidentiality - CORRECT ANSWER-the ability to protect our data from those who are
not authorized to view it.

Integrity - CORRECT ANSWER-is the ability to prevent people from changing your data
in an unauthorized or undesirable manner.

Availability - CORRECT ANSWER-is the ability to access our data when we need it.

Parkerian hexad - CORRECT ANSWER-Confidentiality,
Integrity,
Availability,
PC possession or control,

,Authenticity,
Utility

Parkerian image - CORRECT ANSWER-

possession or control - CORRECT ANSWER-refers to the physical disposition of the
media on which the data is stored. This enables you to discuss your loss of the data in
its physical medium without involving other factors such as availability.

The principle of authenticity - CORRECT ANSWER-allows you to say whether you've
attributed the data in question to the proper owner or creator.

utility - CORRECT ANSWER-refers to how useful the data is to you.

You may face attacks from a wide variety of approaches and angles. You can break
these down according to the. . . - CORRECT ANSWER-type of attack, the risk the
attack represents, and the controls you might use to mitigate it.

Interception attacks - CORRECT ANSWER-allow unauthorized users to access your
data, applications, or environments, and they are primarily attacks against
confidentiality.

Data at rest - CORRECT ANSWER-is stored data that is not in the process of being
moved from one place to another. It may be on a hard drive or flash drive, or it may be
stored in a database, for example. This type of data is generally protected with some
sort of encryption, often at the level of the file or entire storage device.

Data in motion - CORRECT ANSWER-is data that is moving from one place to another.
When you are using your online banking session, the sensitive data flowing between
your web browser and your bank is data in motion. Data in motion is also protected by
encryption, but in this case the encryption protects the network protocol or path used to
move the data from one place to another.

data in use - CORRECT ANSWER-___________ __ __________ would be data that an
application or individual was actively accessing or modifying. Protections on data in use
would include permissions and authentication of users. Often you will find the concept of
data in use conflated with data in motion.

Interruption attacks - CORRECT ANSWER-make your assets unusable or unavailable
to you on a temporary or permanent basis.

,i.e. DOS attack

Modification attacks - CORRECT ANSWER-involve tampering with an asset.

Fabrication attacks - CORRECT ANSWER-involve generating data, processes,
communications, or other similar material with a system.

When you look at how an attack might affect you, you can speak of it in terms of. . . -
CORRECT ANSWER-threats, vulnerabilities, and the associated risk.

a threat - CORRECT ANSWER-is something that has the potential to cause harm.

Vulnerabilities - CORRECT ANSWER-are weaknesses, or holes, that threats can exploit
to cause you harm.

Risk - CORRECT ANSWER-______________ is the likelihood that something bad will
happen. For you to have a _______ in an environment, you need to have both a threat
and a vulnerability that the threat could exploit.

Impact - CORRECT ANSWER-Some organizations, such as the US National Security
Agency (NSA), add a factor to the threat/vulnerability/risk equation called
______________. ______________ takes into account the value of the asset being
threatened and uses it to calculate risk.

Define the risk management process and its stages.

I I A A M - CORRECT ANSWER-Identify assets
Identify threats. "Use CIA or Parkerian"
Assess Vulnerabilities
Assess risks
Mitigate risks

controls. - CORRECT ANSWER-Used to mitigate risk, divided into three categories:
physical,
administrative.
logical

To mitigate risks, you can put measures in place to account for each threat.
these are called - CORRECT ANSWER-controls

, Physical controls - CORRECT ANSWER-protect the physical environment in which your
systems sit, or where your data is stored. Such controls also control access in and out
of such environments. Physical controls include fences, gates, locks, bollards, guards,
and cameras, but also systems that maintain the physical environment, such as heating
and air-conditioning systems, fire suppression systems, and backup power generators.

Logical controls, sometimes called technical controls, - CORRECT ANSWER-protect
the systems, networks, and environments that process, transmit, and store your data.
Logical controls can include items such as passwords, encryption, access controls,
firewalls, and intrusion detection systems.

Administrative controls - CORRECT ANSWER-are based on rules, laws, policies,
procedures, guidelines, and other items that are "paper" in nature. Administrative
controls dictate how the users of your environment should behave.

The incident response process, at a high level, consists of the following: - CORRECT
ANSWER-Preparation
Detection and analysis
Containment
Eradication
Recovery
Post-incident activity

Intrusion Detection System (IDS) - CORRECT ANSWER-a computer program that
senses when another computer is attempting to scan or access a computer or network

security information and event monitoring SIEM - CORRECT ANSWER-??

managed security service provider (MSSP) - CORRECT ANSWER-A company that
monitors, manages, and maintains computer and network security for other
organizations.

incident response process: Containment - CORRECT ANSWER-involves taking steps
to ensure that the situation doesn't cause any more damage than it already has—or at
least lessen any ongoing harm.

incident response process:During eradication - CORRECT ANSWER-, you'll attempt to
remove the effects of the issue from your environment.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller TUTORSON. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$18.81. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

78075 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$18.81
  • (0)
  Add to cart