WGU D430 FUNDAMENTALS OF INFORMATION SECURITY ACTUAL EXAM 2025/2026 ASSESSMENT TESTBANK QUESTIONS AND CORRECT ANSWERS WITH RATIONALES ALREADY GRADED A+

Define the confidentiality in the CIA triad. ....... ANSWER...... Our ability to protect data from those who are not authorized to view it.

Examples of confidentiality ....... ANSWER...... A patron using an ATM card wants to keep their PIN number confidential. An ATM owner wants to keep bank account numbers confidential.

How can confidentiality be broken? ....... ANSWER......
    Losing a laptop
    An attacker gets access to info
    A person can look over your shoulder

Define integrity in the CIA triad. ....... ANSWER...... The ability to prevent people from changing your data and the ability to reverse unwanted changes.

How do you control integrity? ....... ANSWER...... Permissions restrict what users can do (read, write, etc.)

Examples of integrity ....... ANSWER...... Data used by a doctor to make medical decisions needs to be correct or the patient can die.

Define the availability in the CIA triad. ....... ANSWER...... Our data needs to be accessible when we need it.

How can availability be broken? ....... ANSWER...... Loss of power, application problems. If caused by an attacker, this is a Denial of Service attack.

Integrity is affected by what type of attacks? ....... ANSWER...... Interruption (assets are unusable), modification (tampering with an asset), fabrication (generating false data)

Authenticity is affected by what type of attacks? ....... ANSWER...... Interruption (assets are unusable), modification (tampering with an asset), fabrication (generating false data)

Utility ....... ANSWER...... How useful the data is to you (can be a spectrum, not just yes or no)

Possession ....... ANSWER...... Do you physically have the data in question? Used to describe the scope of a loss

Identify the four types of attacks ....... ANSWER...... interception, interruption, modification, and fabrication

Interception attacks ....... ANSWER...... Make your assets unusable or unavailable

Interruption attacks ....... ANSWER...... cause assets to become unusable or unavailable for our use, on a temporary or permanent basis

Modification attacks ....... ANSWER...... Tampering with an asset

Fabrication attacks ....... ANSWER...... Generating data, process, and communications

Define the risk management process ....... ANSWER......
    1. Identify assets
    2. Identify threats
    3. Assess vulnerabilities
    4. Assess risks
    5. Mitigate risks

Identify types of controls to mitigate risk ....... ANSWER...... physical, logical, administrative

Identify elements of risk management in policies and procedures. ....... ANSWER......
    Development of robust policies
    Identification of emergent recent
    Identify elements of internal weakness

Identify the layers of a defense-in-depth strategy. ....... ANSWER......
    External network
    Internal network
    Host
    Application
    Data

Define identification ....... ANSWER...... The claim of who we/networks are

Define identity verification. ....... ANSWER...... Someone claims who they are and you take it one step further and ask for ID

Define authentication ....... ANSWER...... A set of methods used to determine if a claim of identity is true.

Compare authentication types. ....... ANSWER......
    Multifactor authentication
    Mutual authentication

Identify password security best practices. ....... ANSWER......
    Upper case
    Lower case
    Numbers
    Symbols

Which standards apply to any financial entity policies? ....... ANSWER...... Gramm-Leach-Bliley

Which standards apply to publicly traded companies doing business in the U.S.? ....... ANSWER...... Sarbanes-Oxley Act (SOX)

Which standards apply to the credit card industry? ....... ANSWER...... PCI DSS

What company audits other companies for licensing requirements? ....... ANSWER...... BSA

Define cryptography, including its origins and influencers. ....... ANSWER...... The science of protecting the confidentiality and integrity of data

Symmetric key cryptography ....... ANSWER...... the sender and receiver use the same key for encryption and decryption

Asymmetric key cryptography ....... ANSWER...... Encryption that uses two separate keys: a public key and a private key. The advantage is that you can post the public key and anyone can send you an encrypted message.

Hash functions ....... ANSWER...... mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity

Digital signature ....... ANSWER...... a means of electronically signing a document with data that cannot be forged

Digital certificate ....... ANSWER...... Links a public key to an individual

Regulatory compliance ....... ANSWER...... Regulations mandated by law, usually requiring regular audits and assessments

Industry compliance ....... ANSWER...... Regulations or standards designed for specific industries that may impact the ability to conduct business (e.g. PCI DSS)

Privacy ....... ANSWER...... the right of people not to reveal information about themselves

GLBA ....... ANSWER...... "Gramm-Leach-Bliley Act" (Financial Services Modernization Act of 1999) repealed a 1933 law that barred the consolidation of financial institutions and insurance companies. Included within GLBA are multiple sections relating to the privacy of financial information. Companies must provide written notice to consumers of their privacy rights and explain the company's procedures for safeguarding data.

Privacy guidelines ....... ANSWER...... Guidelines to follow to protect private information of patients

FISMA ....... ANSWER...... Federal Information Security Management Act - US law that requires federal agencies to create, document and implement a security program

HIPAA ....... ANSWER...... Health Insurance Portability and Accountability Act. Protects patient privacy.

FERPA ....... ANSWER...... Family Educational Rights and Privacy Act

SOX ....... ANSWER...... Sarbanes-Oxley Act. This law requires publicly traded companies and their independent auditors to demonstrate that their numbers are accurate and that they have processes in place to ensure accurate reporting. Several sections of the law have important implications for human resource activities.

PGP uses ....... ANSWER...... Pretty Good Privacy. Commonly used to secure e-mail communications between two private individuals but is also used in companies. It provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail. It uses both asymmetric and symmetric encryption.

Operations Security Process ....... ANSWER......
    1. Identification of critical information
    2. Analysis of threats
    3. Analysis of vulnerabilities
    4. Assessment of risks
    5. Application of countermeasures

Operations Security ....... ANSWER...... A security and risk management process that prevents sensitive information from getting into the wrong hands.

Competitive intelligence ....... ANSWER...... the process of gathering and analyzing information to support business decisions

Haase's Laws: Know the threats ....... ANSWER...... If you don't know the threat, how do you know what to protect? Know the threats for your data based on your location.

Haase's Laws: Know what to protect ....... ANSWER...... If you don't know what to protect, how do you know you're protecting it? Some orgs classify information (top secret).

Haase's Laws: Protect the information ....... ANSWER...... If you don't protect the information, your adversaries win.

Network-based IDS (NIDS) ....... ANSWER...... an independent platform that monitors network traffic to identify intruders.

Host-based IDS ....... ANSWER...... used to analyze the activities on or directed at the network interface of a particular asset (host).

Wireshark ....... ANSWER...... a sniffer that is capable of intercepting and troubleshooting traffic from both wired and wireless sources.

Nmap ....... ANSWER...... A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.

Which port service needs to be removed when running a webserver? ....... ANSWER...... 53

Port 80 ....... ANSWER...... provides Hypertext Transfer Protocol (HTTP) services, which serve Web content.

AES ....... ANSWER...... AES is the standard encryption algorithm used by the US Federal government.

SSRF ....... ANSWER...... (Server-Side Request Forgery) An attack that takes advantage of a trusting relationship between web servers. The attacker finds a vulnerable web application and sends a request to the web server; the web server performs the request on behalf of the attacker.

Kismet ....... ANSWER...... Kismet is a tool commonly used to detect

Hping3 ....... ANSWER...... A tool used to test the security of firewalls and map network topology. Constructs specially crafted ICMP packets to evade measures that hide devices behind a firewall.