WGU's D430 Flashcards
A tornado destroyed a data center. Which side of the CIA triad is most affected?
Authenticity
Availability
Utility
Integrity
Availability ensures authorized users have access to resources when needed.
What element of the Parkerian Hexad is concerned with usefulness?
Integrity
Confidentiality
Utility
Availability
Utility refers to how useful the data is.
Which attribute of the Parkerian hexad allows for proper attribution of the owner of a dataset?
Possession
Availability
Authenticity
Integrity
Authenticity is the process of ensuring and confirming that the identity of the user is genuine and legitimate. Proving who you are.
Which type of attack category is an attack against confidentiality?
Interception.
Modification.
Fabrication.
Interruption.
Interception attacks allow unauthorized users to access data, applications, or environments.
Which two attributes are included in the concept of risk? Choose two answers.
Threats
Frequency
Vulnerabilities
Impacts
A threat is something that has the potential to cause harm.
Vulnerabilities are weaknesses that can be used to cause harm.
Which phase of the incident response (IR) process includes putting the system back better than the original state?
Post-incident activity.
Containment.
Recovery.
Detection and Analysis
The goal of the recovery phase is to recover to a better state than prior to the incident. This may include activities such as restoring devices or data from backups, rebuilding systems, reloading applications, and mitigating the attack vectors that were used.
Which concept refers to adding layers of security to our networks?
Administrative control depth.
Defense in depth.
Physical control depth.
Logical control depth.
Defense in depth is the coordinated use of multiple layers of security countermeasures to protect the integrity of the information assets.
Which combination of factors demonstrates multi-factor authentication?
Fingerprint and voice print
Password and Pin
Password and fingerprint
Voice print and weight
Password and fingerprint combine “something you know” and “something you are,” two different factors.
What is the name of the process where the client authenticates the server and the server authenticates the client?
Token-based authentication
Mutual authentication
Two-factor authentication
Multifactor authentication
Mutual authentication is an authentication mechanism where both parties authenticate each other at the same time.
What is an example of identification?
Text to cell phone
Employee Number
Update Access
Fingerprint
Identification is the process of ascribing a user identifier (ID) to a human being or to another computer or network component.
What is an example of authentication?
Username
First Car
Read Only
Pin
Authentication refers to the verification of a process or user. A PIN can be used to verify a user or process after successful identification.
What is an objective for performing an audit?
To ensure a company can respond effectively to a disaster.
To ensure compliance and detect misuse.
To ensure potential risks are identified and analyzed.
To ensure proper access is granted to resources.
Audits are performed to ensure compliance with applicable laws, policies, and other administrative controls, and to detect misuse.
What are two common values for a network access control list (ACL)? Choose two answers.
Accept
Agree
Disagree
Deny
Allow
Permissions in network ACLs tend to be binary in nature, consisting of deny or allow. Deny does not permit access to defined resources. Allow permits access to defined resources.
What are two common types of access control lists (ACLs)? Choose two answers.
File system
Allow
Network
Deny
Database system
Access to files and directories is managed through file system access control lists (ACLs), which ensure that only authorized users get access to directories and files.
Access to network resources is managed through network access control lists (ACLs), which ensure that only authorized users get access to network resources.
Which access control model allows access to be determined by the owner of the resource?
Mandatory access control (MAC)
Attribute-based access control (ABAC)
Role-based access control (RBAC)
Discretionary access control (DAC)
Discretionary access control (DAC) is an access control model based on access being determined by the owner of the resource.
Which form of access control uses CAPTCHAs?
Attribute-based access control (ABAC)
Rule-based access control (RBAC)
Media access control (MAC)
Discretionary Access Control (DAC)
Attribute-based access control is based on the attributes of a particular person, resource, or environment.
What is the disadvantage of logging?
Highly configurable
Resources
Reactive tool
History of activities
“Logging” refers to the process of recording events, processes, and activities within a system, application, or any information technology environment.
Being “a reactive tool” refers to a system, process, or tool that responds to events or incidents after they have occurred, rather than preventing them proactively.
Resources: It takes up storage space.
Which cryptographic algorithm is obsolete?
Hash functions
Asymmetric key cryptography
Caesar cipher
Symmetric key cryptography
The Caesar cipher was an early form of encryption, named after Julius Caesar, that is easily broken.
Which two laws protect the privacy of medical records and electronic health care information? Choose two answers.
HIPAA
PCI-DSS
HITECH
SOX
GLBA
HIPAA: The Health Insurance Portability and Accountability Act of 1996 is a U.S. law designed to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other healthcare providers. It sets standards for the protection of health information privacy and the security of electronic health records.
HITECH: The Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, aims to promote the adoption and meaningful use of health information technology. It strengthens the data privacy and security protections established by HIPAA, especially for electronic health records, and introduces stricter enforcement measures.
What jurisdiction does the General Data Protection Regulation regulate?
China
Russia
The European Union
The United States
The GDPR was developed by the EU for data privacy.
Which act regulates the United States Department of Education?
GLBA
FERPA
GDPR
FISMA
FERPA protects student privacy.
Which act regulates federal departments in the United States?
GLBA
SOX
GDPR
FISMA
FISMA mandates government agencies to protect information systems.
Which act regulates customer privacy in the finance industry?
GLBA
SOX
GDPR
FISMA
The GLBA requires financial institutions to explain information sharing practices.
Which act regulates reporting of publicly traded companies?
CFAA
SOX
GDPR
FOIA
SOX mandates certain practices for financial record keeping.
In the context of information security, the three states of data are:
Data at Rest: Data that is stored on physical or digital media, not actively moving from device to device or network to network. It’s often protected by encryption and access controls.
Data in Motion (or Data in Transit): Data actively moving through networks, such as the internet or private networks, from one location to another, such as from a local storage device to a cloud server. It’s protected by secure transmission protocols like SSL/TLS.
Data in Use: Data being processed or used by applications, often residing in computer memory (RAM). Protecting it involves measures like access controls and runtime encryption.
Which type of algorithm is a symmetric key?
DES
ECC
RSA
SHA
DES is a symmetric block cipher algorithm.
Incorrect:
ECC is an asymmetric algorithm.
RSA is an asymmetric algorithm.
SHA is a hashing algorithm.
Which type of algorithm is an asymmetric key?
ECC
MD5
SHA
DES
ECC is an example of public key cryptography based on elliptic curves over finite fields.
Which two types of algorithms are hashing algorithms? Choose two answers.
MD5
3DES
SHA
ECC
AES
RC4
MD5 is an example of a hashing algorithm.
SHA is an example of a hashing algorithm.