WGU's D430

Question 1

A tornado destroyed a data center. Which side of the CIA triad is most affected?
Authenticity
Availability
Utility
Integrity

Answer 1

Availability ensures authorized users have access to resources when needed.

Question 2

What element of the Parkerian Hexad is concerned with usefulness?
Integrity
Confidentiality
Utility
Availability

Answer 2

Utility refers to how useful the data is.

Question 3

Which attribute of the Parkerian hexad allows for proper attribution of the owner of a dataset?
Possession
Availability
Authenticity
Integrity

Answer 3

Authenticity is the process of ensuring and confirming that the identity of the user is genuine and legitimate. Proving who you are.

Question 4

Which type of attack category is an attack against confidentiality?
Interception.
Modification.
Fabrication.
Interruption.

Answer 4

Interception attacks allow unauthorized users to access data, applications, or environments.

Question 5

Which two attributes are included in the concept of risk? Choose two answers.
Threats
Frequency
Vulnerabilities
Impacts

Answer 5

A threat is something that has the potential to cause harm.
Vulnerabilities are weaknesses that can be used to cause harm.

Question 6

Which phase of the incident response (IR) process includes putting the system back better than the original state?
Post-incident activity.
Containment.
Recovery.
Detection and Analysis

Answer 6

The goal of the recovery phase is to recover to a better state than prior to the incident. This may include activities such as restoring devices or data from backups, rebuilding systems, reloading applications, and mitigating the attack vectors that were used.

Question 7

Which concept refers to adding layers of security to our networks?
Administrative control depth.
Defense in depth.
Physical control depth.
Logical control depth.

Answer 7

Defense in depth is the coordinated use of multiple layers of security countermeasures to protect the integrity of the information assets.

Question 8

Which concept refers to adding layers of security to our networks?
Administrative control depth.
Defense in depth.
Physical control depth.
Logical control depth.

Answer 8

Defense in depth is the coordinated use of multiple layers of security countermeasures to protect the integrity of the information assets.

Question 9

Which combination of factors demonstrates multi-factor authentication?
Fingerprint and voice print
Password and Pin
Password and fingerprint
Voice print and weight

Answer 9

These two items include “something you know” and “something you are.”

Question 10

What is the name of the process where the client authenticates the server and the server authenticates the client?

Token-based authentication

Mutual authentication

Two-factor authentication

Multifactor authentication

Answer 10

Mutual authentication is an authentication mechanism where both parties authenticate each other at the same time.

Question 11

What is an example of identification?

Text to cell phone

Employee Number

Update Access

Fingerprint

Answer 11

Identification is the process of ascribing a user identifier (ID) to a human being or to another computer or network component.

Question 12

What is an example of authentication?

Username

First Car

Read Only

Pin

Answer 12

Authentication refers to the verification of a process or user. A pin can be used to verify a user or process after successful identification.

Question 13

What is an objective for performing an audit?

To ensure a company can respond effectively to a disaster.

To ensure compliance and detect misuse.

To ensure potential risks are identified and analyzed.

To ensure proper access is granted to resources.

Answer 13

Audits are performed to ensure compliance with applicable laws, policies, and other administrative controls is being accomplished as well as detecting misuse.

Question 14

What are two common values for a network access control list (ACL)? Choose two answers.

Accept

Agree

Disagree

Deny

Allow

Answer 14

Permissions in network ACLs tend to be binary in nature, consisting of deny or allow. Deny does not permit access to defined resources. Allow permits access to defined resources.

Question 15

What are two common types of access control lists (ACLs)? Choose two answers.

File system

Allow

Network

Deny

Database system

Answer 15

Access to files and directories is managed through access control lists (ACLs). It ensures that only authorized users get access to directories and files.
Access to network resources is managed through access control lists (ACLs). It ensures that only authorized users get access to network resources.

Question 16

Which access control model allows access to be determined by the owner of the resource?

Mandatory access control (MAC)

Attribute-based access control (ABAC)

Role-based access control (RBAC)

Discretionary access control (DAC)

Answer 16

Discretionary access control (DAC) is an access control model based on access being determined by the owner of the resource.

Question 17

Which form of access control uses CAPTCHAs?

Attribute-based access control (ABAC)

Rule-based access control (RBAC)

Media access control (MAC)

Discretionary Access Control (DAC)

Answer 17

Attribute-based access control is based on the attributes of a particular person, resources, or environment.

Question 18

What is the disadvantage of logging?

Highly configurable

Resources

Reactive tool

History of activities

Answer 18

“logging” refers to the process of recording events, processes, and activities within a system, application, or any information technology environment.

Being “a reactive tool” refers to a system, process, or tool that responds to events or incidents after they have occurred, rather than preventing them proactively.

Resources: It takes up storage space.

Question 19

Which cryptographic algorithm is obsolete?

Hash functions

Asymmetric key cryptography

Caeser cypher

Symmetric key cryptography

Answer 19

This was an early form of encryption named after Julius Caesar that’s easily breakable.

Question 20

Which two laws protect the privacy of medical records and electronic health care information? Choose two answers.

HIPAA

PCI-DSS

HITECH

SOX

GLBA

Answer 20

HIPAA: The Health Insurance Portability and Accountability Act of 1996 is a U.S. law designed to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other healthcare providers. It sets standards for the protection of health information privacy and the security of electronic health records.

HITECH: The Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, aims to promote the adoption and meaningful use of health information technology. It strengthens the data privacy and security protections established by HIPAA, especially for electronic health records, and introduces stricter enforcement measures.

Question 21

What jurisdiction does the General Data Protection Regulation regulate?

China

Russia

The European Union

The United States

Answer 21

Developed by the EU for data privacy.

Question 22

Which act regulates the United States department of education?

GLBA

FERPA

GDPR

FISMA

Answer 22

FERPA protects student privacy.

Question 23

Which act regulates federal departments in the United States?

GLBA

SOX

GDPR

FISMA

Answer 23

FISMA

Correct: Mandates government agencies to protect information systems.

Question 24

Which act regulates customer privacy in the finance industry?

GLBA

SOX

GDPR

FISMA

Answer 24

The GLBA requires financial institutions to explain information sharing practices.

Question 25

Which act regulates reporting of publicly traded companies?

CFAA

SOX

GDPR

FOIA

Answer 25

SOX mandates certain practices for financial record keeping.

Question 26

In the context of information security, the three states of data are:

Answer 26

Data at Rest: Data that is stored on physical or digital media, not actively moving from device to device or network to network. It’s often protected by encryption and access controls.

Data in Motion (or Data in Transit): Data actively moving through networks, such as the internet or private networks, from one location to another, such as from a local storage device to a cloud server. It’s protected by secure transmission protocols like SSL/TLS.

Data in Use: Data being processed or used by applications, often residing in computer memory (RAM). Protecting it involves measures like access controls and runtime encryption.

Question 27

Which type of algorithm is a symmetric key?
DES
ECC
RSA
SHA

Answer 27

DES is a block cipher symmetric algorithm.

Incorrect:
ECC is an asymmetric algorithm.
RSA is an asymmetric algorithm.
SHA is a hashing algorithm.

Question 28

Which type of algorithm is an asymmetric key?

ECC

MD5

SHA

DES

Answer 28

It’s an example of public key cryptography based on elliptic curves over infinite fields.

Question 29

Which two types of algorithms are hashing algorithms? Choose two answers.

MD5

3DES

SHA

ECC

AES

RC4

Answer 29

MD5 is an example of a hashing algorithm.
SHA is an example of a hashing algorithm.

Question 30

Which algorithm supports encryption for email?

ECC

AES

PGP

DES

Answer 30

PGP is an email program that supports encryption (Pretty Good Privacy).

Question 31

What describes competitive intelligence?

The codename for a study conducted to curtail unauthorized passing of information.

The practice of managing the range of intelligence-gathering activities that are being directed at an organization.

The process that prevents sensitive information from getting into the wrong hands.

The process of intelligence gathering and analysis to support business decisions.

Answer 31

Competitive intelligence is the process of intelligence gathering and analysis to support business decisions.

Question 32

The first law of operations security states:

Answer 32

“If you don’t know the threat, how do you know what to protect?”

Question 33

Which law of operations security discusses the need to evaluate our information assets and determine what exactly we might consider to be our critical information?

The first law of operations security.

The second law of operations security.

The third law of operations security.

The fourth law of operations security.

Answer 33

The second law of operations security states, “If you don’t know what to protect, how do you know you are protecting it?”

Question 34

The third law of operations security states:

Answer 34

“If you are not protecting it (the information)…THE DRAGON WINS!”

Question 35

Which term refers to the practice of managing information gathering activities directed at an organization?

Purple Dragon

Competitive Counterintelligence

Operational Security

Competitive Intelligence

Answer 35

Correct: Competitive counterintelligence is the practice of managing the range of intelligence-gathering activities directed at an organization.

Incorrect: Operational Security is a security and risk management process that prevents sensitive information from getting into the wrong hands.

Question 36

What describes risk assessment?

Identification of when there is a threat and a vulnerability that the threat can exploit.

Identification of what harm to the company can occur if important information is released.

Identifications of weaknesses that can harm a company.

Identification of information on which the company is based and everything depends.

Answer 36

Risk occurs when there is a matching threat and vulnerability. A risk assessment determines which risks require concern during the operations security process.
“what harm to the company can occur if important information is released” describes the potential impact assessment of a security breach.

Question 37

Responsibility of the National Security Agency (NSA)

Answer 37

Present leaders with critical security information they need to defend our country.

Question 38

Responsibility of the SysAdmin, Audit, Network, and Security (SANS) Institute.

Answer 38

Provide access to information technology research and education around the world.

Question 39

Lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.

Answer 39

Responsibility of the Cybersecurity and Infrastructure Security Agency (CISA).

Question 40

What is the responsibility of the Interagency OpSec Support Staff (IOSS)?

Provide access to information technology research and education around the world.

Present leaders with critical security information they need to defend our country.

Lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.

Provide multiple agencies with a wide variety of security awareness and training.

Answer 40

The Interagency OPSEC Support Staff (IOSS) is responsible for a wide variety of OPSEC awareness and training efforts.

Question 41

Which type of social engineering attack utilizes credible scenarios to lure people into disclosing sensitive information?

Pretexting

Whaling

Baiting

Tailgating

Answer 41

Pretexting is a type of social engineering attack that utilizes credible scenarios to lure people into disclosing sensitive information.

Question 42

Which social engineering technique uses electronic communications to carry out an attack that is broad in nature?

Masquerading

Tailgating

Baiting

Phishing

Answer 42

Phishing is an attack against a company, organization, or person carried out by an electronic means, such as email or text messages, to carry out an attack that is broad in nature.

Question 43

Shodan Disclosure

Answer 43

Shodan is a search engine that scans the internet for various types of devices connected to the internet, such as servers, webcams, printers, routers, and other devices that are part of the Internet of Things (IoT). Unlike traditional search engines that index web content, Shodan indexes information related to the devices themselves, including their types, locations, operating systems, and open ports. This information can be invaluable for security research and analysis, helping to identify potentially vulnerable devices and networks.

A “Shodan disclosure” typically refers to the act of revealing vulnerabilities, exposed devices, or sensitive information found through searches conducted on Shodan.

Question 44

Which set of policies and procedures outlines the steps an organization will take during a state of emergency to replace IT infrastructure?

Data protection directive

Business continuity

Disaster recovery

Data security standard

Answer 44

Disaster recovery planning refers to policies and procedures that are put in place to prepare for and respond to a state of emergency in the event some or all of an organization’s IT infrastructure is destroyed.

Question 45

Which type of security control is a video surveillance system?

Proactive

Detective

Preventive

Deterrent

Answer 45

Detective controls such as video surveillance systems and burglar alarms, serve to detect and report undesirable events.

Question 46

DMZ

Answer 46

A Demilitarized Zone (DMZ) in network security is a strategically implemented subnetwork that serves as an additional layer of protection, combining the use of security mechanisms like firewalls with network architecture practices such as segmentation. Its primary function is to restrict, monitor, and control the flow of traffic between the internet and an organization’s internal network. By doing so, it creates a controlled interface for external access to publicly available services—such as web and email servers—while safeguarding the internal network from unauthorized access, attacks, and exposure.

Question 47

Proxy servers

Answer 47

Proxy servers are a specialized variant of a firewall that provide security and performance features by filtering traffic for attacks or undesirable content.

Question 48

Deep packet

Answer 48

Deep packet inspection firewalls analyze the content of traffic and can reassemble the content to determine what will be delivered to the destination application.

Question 49

Which type of firewall monitors and defends a system based on traffic patterns over a given connection?

Proxy servers

Deep packet

DMZ

Stateful packet

Answer 49

Stateful packet inspection firewalls defend networks by monitoring traffic patterns at a granular level over a given connection.

Question 50

What is a wireless protocol?

RC4

WPA3

POP3

AES

Answer 50

WPA3 is a wireless protocol that uses AES encryption.

Question 51

RC4

Answer 51

RC4 is a symmetric algorithm.

Question 52

What is attack surface?

Answer 52

In information security, the “attack surface” refers to the sum total of all possible points (vulnerable spots or attack vectors) where an unauthorized user (the attacker) can try to enter or extract data from an environment. Essentially, it encompasses all the different ways an information system can be breached or compromised by an attacker.

Question 53

What is “to perform system hardening”?

Answer 53

To perform system hardening means to take steps to reduce the attack surface of a system by securing its configurations, updating software to eliminate vulnerabilities, removing unnecessary services and applications, and enforcing the principle of least privilege. This process involves a comprehensive set of actions designed to protect against threats and minimize potential attack vectors.

Question 54

When should updates be performed?

Semi-annually

After testing and vetting

After a system has been in production for many years

Immediately upon publication

Answer 54

It is prudent to test software updates thoroughly before installing them without delaying the process for very long.

Question 55

Which port service needs to be removed when running a webserver?

80

22

53

443

Answer 55

Port 53 is typically blocked on webservers to prevent Domain Name System (DNS) servers from divulging critical information to attackers.

Question 56

Which action is considered a significant event that should be included in the logging process?

A password change

A successful logon

An application closing

Administrative privilege

Answer 56

The use of administrative privileges is considered a significant event that should be closely monitored.

Question 57

Which buffer size creates an entry point for a cyberattack when the buffer reaches 8 bytes?

16 bytes

12 bytes

8 bytes

4 bytes

Answer 57

A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. At 8 bytes, the established buffer size has been exceeded.

Question 58

Which tool is categorized as an exploit framework?

TCPdump

Nikto

OpenVas

Core Impact

Answer 58

Core Impact is a centralized penetration testing tool that enables security teams to conduct advanced, multi-phased penetration tests. It is a type of tool categorized as an exploit framework. Exploit frameworks include pre-packaged sets of exploits.

Question 59

TCPdump

Answer 59

TCPdump is a data-network packet analyzer computer program that runs under a command line interface. It is not a type of tool categorized as an exploit framework.

Question 60

Nikto

Answer 60

Nikto is an open-source Web server analysis tool that checks for common vulnerabilities. It is not a type of tool categorized as an exploit framework.

Question 61

OpenVas

Answer 61

The OpenVAS scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. It is not a type of tool categorized as an exploit framework.

Question 62

Which symmetric encryption algorithm is the standard encryption algorithm used by the US Federal government?

DES

SHA-2

AES

RSA

Answer 62

AES is the standard encryption algorithm used by the US Federal government.

Question 63

RSA

widely used for?

Answer 63

RSA is a widely used asymmetric encryption method used for many transactions including in the Secure Sockets Layer (SSL) protocol used to secure Web and email traffic.

Question 64

SHA-2

used for wha?

Answer 64

SHA-2 is a hash function that is commonly used to validate and sign digital security certificates and documents.

Question 65

XSS

Answer 65

Cross-site scripting (XSS) is a security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into content that other users see and interact with.

Question 66

What describes a database security issue?

Denial of Service

Unauthenticated access to functionality

Buffer overflows

Cross-site scripting

Answer 66

Allowing a user or process the opportunity to interact with the database without supplying a set of credentials creates potential database issues.

Question 67

Which type of packet sniffer is used to monitor web traffic?

Fuzzer

Honeypot

Wireshark

Nessus

Answer 67

Wireshark is a sniffer that is capable of intercepting and troubleshooting traffic from both wired and wireless sources.

Question 68

Nessus

Answer 68

Nessus will identify open ports and determine the services and versions of service running on those ports.
Also used to find and report network services on hosts that have known vulnerabilities.

Question 69

Fuzzer

Answer 69

A fuzzer is a software testing tool used to find security vulnerabilities or bugs in software. It works by automatically generating and sending a wide range of invalid, unexpected, or random data as inputs to a computer program.

Question 70

Which tools is used to perform web assessment and analysis?

Nessus

Burp Suite

Kismet

Hping3

Answer 70

Burp Suite is a web assessment and analysis tool that looks for issues on websites such as cross-site scripting or SQL injection flaws.

Question 71

Burp Suite

Answer 71

A popular integrated platform used for testing the security of web applications. It offers a variety of tools for performing different security tests, including scanning for vulnerabilities, intercepting and modifying network traffic, and identifying weak points within an application.

Question 72

Kismet

Answer 72

Kismet is a tool commonly used to detect wireless access points.

Question 73

What are SSL and TLS, and how do they function in securing information transmitted over networks and the internet, particularly in relation to email protocols like IMAP and POP?

Answer 73

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols designed to secure information sent over networks, including the internet. They provide encryption, authentication, and integrity of data in transit, ensuring that any data sent between the client and server is protected from eavesdropping and tampering. SSL and TLS operate in conjunction with other protocols, such as the Internet Message Access Protocol (IMAP) and the Post Office Protocol (POP), which are used for email communication. By integrating with these email protocols, SSL and TLS help safeguard email data as it travels across the network, protecting sensitive information from unauthorized access.