WGU C725 – Questions & Expert Verified Solutions

  • November 10, 2024

Information security is primarily a discipline to manage the behavior of
Right Ans - People

Careers in information security are booming because of which of the following
factors? Right Ans - threat of cyber terrorism, gov regs, growth of the
internet

Which of the following best represents the three objectives of information
security? Right Ans - CIA

A program for information security should include which of the following
elements? Right Ans - Security policies and procedures

Which of the following topics are part of an information security practice?
Right Ans - Laws and ethical practices, access controls, security architecture

Which college curriculum is more appropriate for a career in information
security? Right Ans - business admin and comp info sciences

The formal study of information security has accelerated primarily for what
reason? Right Ans - (increasingly interconnected global networks)

Cybersecurity is like an umbrella. Under the umbrella are the following:
Right Ans - Compliance, policies, standards, admin, auditing, software dev
security, permission controls, incident response, physical security, intrusion
detection and prevention, ops controls, antivirus, security testing, training and
awareness, key management, public key infrastructure, disaster recovery,
access controls

The growing demand for InfoSec specialists is occurring predominantly in
which of the following types of organizations? Right Ans - Gov, corporations,
not for profit foundations

What is meant by the phrase "the umbrella of information security"? Right
Ans - IS incorporates many different pursuits and disciplines

Which of the following roles helps development teams meet security
requirements? Right Ans - Security consultants

Security consultants do this: Right Ans - perform risk analysis of new
systems by balancing the needs of business with the threats that stem from
opening up access to data or managing new information that could
compromise the business if it fell into the wrong hands.

Who is responsible for ensuring that systems are auditable and protected
from excessive privileges? Right Ans - Security admins

Security admins do this Right Ans - help to establish new user accounts,
ensure that auditing mechanisms are present and operating as needed, ensure
that communications between systems are securely implemented, and assist
in troubleshooting problems and responding to incidents that could
compromise confidentiality, integrity, or availability of the systems.

Which of the following roles is responsible for ensuring that third-party
suppliers and outsourced functions remain in security compliance? Right
Ans - Vendor managers

Vendor managers are needed to Right Ans - ensure that outsourced
functions are operating within security policies and standards

Confidentiality is sometimes referred to as Right Ans - the principle of least
privilege, meaning that users should be given only enough privilege to
perform their duties, and no more. Some other synonyms for confidentiality
you might encounter include privacy, secrecy, and discretion.

Confidentiality models are primarily intended to Right Ans - ensure that no
unauthorized access to information is permitted and that accidental
disclosure of sensitive information is not possible. Common confidentiality
controls are user IDs and passwords

Related to information security, confidentiality is the opposite of which of the
following? Right Ans - Disclosure

One way to think of the CIA triad... Right Ans - Protect the confidentiality of
data
Preserve the integrity of data
Promote the availability of data for authorized use

Integrity models ... Right Ans - keep data pure and trustworthy by
protecting system data from intentional or accidental changes.

Integrity models have three goals: Right Ans - Prevent unauthorized users
from making modifications to data or programs
Prevent authorized users from making improper or unauthorized
modifications
Maintain internal and external consistency of data and programs

An example of integrity checks is Right Ans - balancing a batch of
transactions to make sure that all the information is present and accurately
accounted for.

Availability models ... Right Ans - keep data and resources available for
authorized use, especially during emergencies or disasters.

Information security professionals usually address three common challenges
to availability: Right Ans - Denial of service (DoS) due to intentional attacks
or because of undiscovered flaws in implementation (for example, a program
written by a programmer who is unaware of a flaw that could crash the
program if a certain unexpected input is encountered)
Loss of information system capabilities because of natural disasters (fires,
floods, storms, or earthquakes) or human actions (bombs or strikes)
Equipment failures during normal use

Some activities that preserve confidentiality, integrity, and/or availability are
Right Ans - granting access only to authorized personnel, applying encryption
to information that will be sent over the Internet or stored on digital media,
periodically testing computer system security to uncover new vulnerabilities,
building software defensively, and developing a disaster recovery plan to
ensure that the business can continue to exist in the event of a disaster or loss
of access by personnel.

Which of the following represents the three goals of information security?
Spell it out Right Ans - Confidentiality, Integrity, and availability

Layered security, as in the previous example, is known as defense in depth...
So Right Ans - This security is implemented in overlapping layers that
provide the three elements needed to secure assets: prevention, detection,
and response. Defense in depth also seeks to offset the weaknesses of one
security layer by the strengths of two or more layers.

Defense in depth is needed to ensure that which three mandatory activities
are present in a security system? Right Ans - (prevention, detection, and
response)

Verification is the process of Right Ans - confirming that one or more
predetermined requirements or specifications are met.

Validation then determines the Right Ans - correctness or quality of the
mechanisms used to meet the needs. In other words, you can develop
software that addresses a need, but it might contain flaws that could
compromise data when placed in the hands of a malicious user

Verification testing for seat belt functions might include Right Ans -
conducting stress tests on the fabric, testing the locking mechanisms, and
making certain the belt will fit the intended application, thus completing the
functional tests.

Validation, or assurance testing, might then include Right Ans - crashing
the car with crash-test dummies inside to "prove" that the seat belt is indeed
safe when used under normal conditions and that it can survive under harsh
conditions.

Which of the following best represents the two types of IT security
requirements? Right Ans - Functional and assurance

Functional requirements describe Right Ans - what a system should do.

Assurance requirements describe Right Ans - how functional requirements
should be implemented and tested.

When risks are well understood, three outcomes are possible: Right Ans -
The risks are mitigated (countered).

Stuvia is a marketplace, so you are not buying this document from us, but from seller Zendaya. Stuvia facilitates payment to the seller.
