C836 CHAPTER 1-6 WGU Questions and Answers Latest Update Graded A+

FISMA (Federal Information Security Modernization Act) ✔✔this law provides a framework for ensuring the effectiveness of information security controls in federal government - changed from Management (2002) to Modernization in 2014
HIPAA (Health Insurance Portability and Accountability Act) ✔✔this law improves the efficiency and effectiveness of the health care system and protects patient privacy
FERPA (Family Educational Rights and Privacy Act) ✔✔this law protects the privacy of students and their parents
SOX (Sarbanes-Oxley Act) ✔✔this law regulates the financial practice and governance of corporations
GLBA (Gramm-Leach-Bliley Act) ✔✔this law protects the customers of financial institutions
compliance ✔✔relating to an organization's adherence to laws, regulations, and standards
regulatory compliance ✔✔Regulations mandated by law usually requiring regular audits and assessments
industry compliance ✔✔Regulations or standards designed for specific industries that may impact ability to conduct business (e.g. PCI DSS)
privacy ✔✔the state or condition of being free from being observed or disturbed by other people
The Federal Privacy Act of 1974 ✔✔This act safeguards privacy through the establishment of procedural and substantive rights in personal data
privacy rights ✔✔Rights relating to the protection of an individual's personal information
PII (Personally Identifiable Information) ✔✔Information that can be used to identify an individual, and should be protected as sensitive data and monitored for compliance
cryptography ✔✔the science of keeping information secure
Cryptanalysis ✔✔The science of breaking through the encryption used to create ciphertext
cryptology ✔✔The overarching field of study that covers cryptography and cryptanalysis
cryptographic algorithm (cipher) ✔✔The specifics of the process used to encrypt plaintext or decrypt ciphertext
plaintext (cleartext) ✔✔unencrypted data
ciphertext ✔✔encrypted data
Caesar cipher ✔✔an ancient cryptographic technique based on transposition; involves shifting each letter of a plaintext message by a certain number of letters (historically 3)
ROT13 cipher ✔✔a more recent cipher that uses the same mechanism as the Caesar cipher but moves each letter 13 places forward
symmetric key cryptography (private key cryptography) ✔✔uses a single key for both encryption of the plaintext and decryption of the ciphertext
block cipher ✔✔A type of cipher that takes a predetermined number of bits in the plaintext message (commonly 64 bits) and encrypts that block
stream cipher ✔✔A type of cipher that encrypts each bit in the plaintext message, 1 bit at a time
AES (Advanced Encryption Standard) ✔✔A set of symmetric block ciphers endorsed by the US government through NIST. Shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode
asymmetric key cryptography (public key cryptography) ✔✔this method uses 2 keys, a public key and a private key
SSL (secure sockets layer) ✔✔a protocol that uses the RSA algorithm (an asymmetric algorithm) to secure web and email traffic
hash function (message digest) ✔✔keyless cryptography that creates a largely unique and fixed-length hash value based on the original message
hash ✔✔used to determine whether the message has changed; provides integrity (but not confidentiality)
digital signature ✔✔a method of securing a message that involves generating a hash and encrypting it using a private key
certificate ✔✔created to link a public key to a particular individual; used as a form of electronic identification for that person
CA (certificate authority) ✔✔a trusted entity that handles digital certificates
PKI (public key infrastructure) ✔✔infrastructure that includes the CAs that issue and verify certificates and the RAs that verify the identity of the individuals associated with the certificates
RA (registration authority) ✔✔An authority in a PKI that verifies the identity of the individual associated with the certificate
CRL (Certificate Revocation List) ✔✔a public list that holds all the revoked certifications for a certain period of time
data at rest ✔✔Data that is on a storage device of some kind and is not moving
data in motion ✔✔Data that is moving over a WAN or LAN, a wireless network, over the internet, or in other ways
data at rest ✔✔This type of data is protected using data security (encryption) and physical security
data in motion ✔✔This type of data is best protected by protecting the data itself (using SSL, TLS) and protecting the connection (using IPsec VPN, SSL VPN)
data in use ✔✔This type of data is the hardest to protect
encryption ✔✔a subset of cryptography that refers specifically to the transformation of unencrypted data into its encrypted form
decryption ✔✔The process of recovering the plaintext message from the ciphertext
authentication ✔✔a set of methods we use to establish a claim of identity as being true; corroborates the identity of an entity, whether it is the sender, the sender's computer, some device, or some information
ECC (Elliptic Curve Cryptography) ✔✔An asymmetric encryption algorithm that uses smaller key sizes and requires less processing power than many other encryption methods. Commonly used in smaller wireless devices
accountability ✔✔this provides us with the means to trace activities in our environment back to their source
nonrepudiation ✔✔Refers to a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action
deterrence ✔✔refers to elements that discourage or prevent misbehavior in our environments
IDS (intrusion detection system) ✔✔a monitoring tool that alerts when an attack or other undesirable activity is taking place
IPS (Intrusion Prevention System) ✔✔a tool that alarms and takes actions when malicious events occur
auditing ✔✔a methodical examination and review that ensures accountability through technical means; ensures compliance with applicable laws, policies, and other bodies of administrative control, and detects misuse
logging ✔✔A process that provides a history of the activities that have taken place in the environment
monitoring ✔✔a subset of auditing that focuses on observing information about the environment in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends
Uploaded on: Aug 16, 2022