WGU C725 Information Assurance – Questions &
Answers (Pass!)
Question 1 : Which of the following contains the primary goals and objectives
of security? Right Ans - The CIA Triad
STRIDE is often used in relation to assessing threats against applications or
operating systems. Which of the following is not an element of STRIDE?
Right Ans - Disclosure
What element of data categorization management can override all other forms
of access control? Right Ans - Taking ownership
Which of the following is not considered a violation of confidentiality?
Right Ans - Hardware destruction
Which of the following is the lowest military data classification for classified
data? Right Ans - Secret
Which of the following is typically not a characteristic considered when
classifying data? Right Ans - Size of object
Which of the following is not considered an example of data hiding? Right
Ans - Preventing an authorized reader of an object from deleting that object
Question 10 : Which commercial business/private sector data classification is
used to control information about individuals within an organization?
Right Ans - Private
The commercial business/private sector data classification of private is used
to protect information about individuals.
Data classifications are used to focus security controls over all but which of
the following? Right Ans - Layering
Layering is a core aspect of security mechanisms, but it is not a focus of data
classifications.
What is the primary goal of change management? Right Ans - Preventing
security compromises
Which of the following is a principle of the CIA Triad that means authorized
subjects are granted timely and uninterrupted access to objects? Right Ans
- Availability
What ensures that the subject of an activity or event cannot deny that the
event occurred? Right Ans - Nonrepudiation
What is the primary objective of data classification schemes? Right Ans - to
formalize and stratify the process of securing data based on assigned labels of
importance and sensitivity
_______________ refers to keeping information confidential that is personally
identifiable or that might cause harm, embarrassment, or disgrace to someone
if revealed. Right Ans - Privacy
Vulnerabilities and risks are evaluated based on their threats against which of
the following? Right Ans - One or more of the CIA Triad principles
What are the two common data classification schemes? Right Ans - Military
and private sector
Which of the following is the most important and distinctive concept in
relation to layered security? Right Ans - Series
STRIDE Right Ans - Spoofing, tampering, repudiation, information disclosure,
denial of service, elevation of privilege.
Question 1 : You've performed a basic quantitative risk analysis on a specific
threat/vulnerability/risk relation. You select a possible countermeasure.
When performing the calculations again, which of the following factors will
change? Right Ans - Annualized rate of occurrence
If an organization contracts with outside entities to provide key business
functions or services, such as account or technical support, what is the process
called that is used to ensure that these entities support sufficient security?
Right Ans - Third-party governance
How is the value of a safeguard to a company calculated? Right Ans - ALE
before safeguard - ALE after implementing the safeguard - annual cost of
safeguard
Which of the following is not an element of the risk analysis process? Right
Ans - Selecting appropriate safeguards and implementing them
What process or event is typically hosted by an organization and is targeted to
groups of employees with similar job functions? Right Ans - Training
When an employee is to be terminated, which of the following should be
done? Right Ans - Disable the employee's network access just as they are
informed of the termination.
Which of the following is a primary purpose of an exit interview? Right Ans
- To review the nondisclosure agreement
What security control is directly focused on preventing collusion? Right
Ans - Separation of duties
How is single loss expectancy (SLE) calculated? Right Ans - Asset value ($)
* exposure factor
When evaluating safeguards, what is the rule that should be followed in most
cases? Right Ans - The annual costs of safeguards should not exceed the
expected annual cost of asset loss.
Which of the following is the weakest element in any security solution?
Right Ans - Humans
When a safeguard or a countermeasure is not present or is not sufficient, what
remains? Right Ans - Vulnerability
Which of the following represents accidental or intentional exploitations of
vulnerabilities? Right Ans - Threat events