10/31/24, 8:00 AM 2024 update | WGU C725|2024-2025 latest|COMPREHENSIVE QUESTIONS AND VERIFIED ANSWERS (100% Correct sol…
2024 update | WGU C725 | 2024-2025 latest | COMPREHENSIVE QUESTIONS AND VERIFIED ANSWERS (100% Correct solutions)
Terms in this set (155)

Code of Ethics Canons described under 'Protect society, the commonwealth, and the infrastructure'
1. Promote and preserve public trust and confidence in information and systems.
2. Promote the understanding and acceptance of prudent information security measures.
3. Preserve and strengthen the integrity of the public infrastructure.
4. Discourage unsafe practice.

Role Based Access Control (RBAC)
A Role Based Access Control (RBAC) model can group users into roles based on the organization's hierarchy, and it is a nondiscretionary access control model. A nondiscretionary access control model uses a central authority to determine which objects subjects can access.

The preventions to reduce the potential for a data breach are:
1. Support for controls from management
2. Policies based on business objectives
3. A complete understanding of the types of control required
4. A cost analysis of controls and cost assessment of a potential breach
5. Employee security education, training, and awareness

Capability tables
Capability tables are created for each subject, and they identify the objects that the subject can access. They include the authorization rights of the access control subject, such as read, write, execute, and so on.

ACLs (access control lists)
ACLs (access control lists) are lists of subjects that are authorized to access a specific object.

Access control matrix
An access control matrix is a table that includes subjects, objects, and assigned privileges.

Aggregation
Aggregation is a process in which a user collects and combines information from various sources to obtain complete information. The individual parts of information are at the correct sensitivity, but the combined information is not. A user can combine information available at a lower privilege, thereby reducing the information at a higher privilege level.

Inference attacks
Inference attacks, where the subject deduces the complete information about an object from the bits of information collected through aggregation. Therefore, inference is the ability of a subject to derive implicit information. A protection mechanism to limit inferencing of information in statistical database queries is specifying a minimum query set size, but prohibiting the querying of all but one of the records in the database.

Polyinstantiation
Polyinstantiation, also known as data contamination, is used to conceal classified information that exists in a database and to fool intruders. Polyinstantiation ensures that users with a lower access level are not able to access and modify data categorized for a higher level of access in a multi-level database. Polyinstantiation can be used to reduce data inference violations. When polyinstantiation is implemented, two objects are created by using the same primary keys. One object is filled with incorrect information and is deemed unclassified, and the other object contains the original classified information. When a user with lower-level privileges attempts to access the object, the user is directed to the object containing incorrect information. Polyinstantiation is concerned with the same primary key existing at different classification levels in the same database.

Scavenging
Scavenging, also referred to as browsing, involves looking for information without knowing its format. Scavenging is searching the data residue in a system to gain unauthorized knowledge of sensitive data.

Identification
Identification is the method used by a user or process to claim who they are or to assert who they claim to be. Identification involves supplying your user name, account number, or some other form of personal identification. It is the means by which a user provides a claim of his or her identity to a system.

Authentication
Authentication is the process of being recognized by a system. Authentication involves supplying a second piece of information, such as a password, that is checked against a database for accuracy. If this piece of information matches the stored information, the subject is authenticated. It is the testing or reconciliation of evidence of a user's identity.

Components of the Common Criteria protection profile
The protection profile contains a set of security requirements including functionality and assurance criteria for a product and the rationale behind such requirements. The corresponding evaluation assurance level (EAL) rating intended for the product is also specified. The environmental conditions, the expected functional, the assurance levels, and the product objectives are also included in the protection profile when the product is evaluated by the Common Criteria for a target evaluation rating. Evaluation tests are performed for the targeted rating awarded to the target of evaluation, and the results are verified before granting an EAL rating to the intended product. Components of the Common Criteria protection profile include Target of Evaluation (TOE) description, threats against the product that must be addressed, and security objectives.