WGU D430 FUNDAMENTALS OF INFORMATION SECURITY 2025
LATEST VERSION EXAM FREQUENTLY TESTED QUESTIONS
WITH COMPLETE SOLUTIONS
3DES - CORRECT ANSWER: DES used to encrypt each block three times , each with a
different key
Access Control List - CORRECT ANSWER: info about what kind of access certain
parties are allowed to have to a given system
Read , write , execute
Access Control Models - CORRECT ANSWER: Discretionary ( DAC ) Mandatory
( MAC )
Rule - based
Role - based ( RBAC )
Attribute - based ( ABAC )
Accountability - CORRECT ANSWER: Refers to making sure that a person is
responsible for their actions .
-It provides us with the means to trace activities in our environment back to their source
.
-Depends on identification , authentication , and access control being present so that we
can know who a given transaction is associated with , and what permissions were used
to allow them to carry it out .
Acess Control - CORRECT ANSWER: Allowing - lets us give a particular party access to
a given source
Denying - opposite of gaining access
Limiting - allowing some access to our resource , only up to a certain point
Revoking - takes access away from former user
AES - CORRECT ANSWER: uses three different ciphers : one with a 128 - bit key , one
with a 192 - bit key , and one with a 256 - bit key , all having a block length of 128 bits
Asymmetric cryptography - CORRECT ANSWER: a public key and a private key . The
public key is used to encrypt data sent from the sender to the receiver and is shared
with everyone . Private keys are used to decrypt data that arrives at the receiving end
and are very carefully guarded by the receive ( aka the public key cryptography )
Asymmetric Key Algorithms - CORRECT ANSWER: Secure Sockets Layer ( RSA )
Elliptic Curve Cryptography ( ECC )
Pretty Good Privacy ( PGP )
Transport Layer Security ( TLS )
, Attack Types - CORRECT ANSWER: Interception
Interruption
Modification
Fabrication
Attack types and their effect - CORRECT ANSWER: Interception is the ONLY attack
that affects on confidentiality. Interruption, modification, and fabrication affects
integrity and availability because most of the time they're impacting data.
Attribute - based ( ABAC ) - CORRECT ANSWER: based on attributes , such as of a
person , resource , or an environment
Auditing - CORRECT ANSWER: the examination and review of an organization's
records to ensure accountability through technical means .
Authentication - CORRECT ANSWER: verifying that a person is who they claim to be
Authorization - CORRECT ANSWER: what the user can access , modify , and delete
Availability - CORRECT ANSWER: For one's AUTHORIZED to ACCESS data when
needed
BinScope Binary Analyzer - CORRECT ANSWER: examine
a tool developed by Microsoft to
source code for general good practices
Block Cipher - CORRECT ANSWER: takes a predetermined number of bits , known as a
block , in the plaintext message and encrypts that block
Brute Force - CORRECT ANSWER: an attack by submitting password attempts until
eventually guessed correctly
Buffer overflows - CORRECT ANSWER: a vulnerability that occurs when we do not
properly store the size of the data input into our applications , causing the program to
crash and an attacker to take advantage
Certificates - CORRECT ANSWER: link a public key to a particular individual and are
often used as a form of electronic identification for that particular person
Childrens ' Online Privacy Protection Act (COPPA) - CORRECT ANSWER: sets rules
on data collection for children under 13 to protect their online privacy
CIA Triad - CORRECT ANSWER: Confidential - allowing only those authorized to
access the data requested
Integrity - keeping data unaltered in an unauthorized manner and reliable
Availability - the ability for those authorized to access data when needed
, Compliance - CORRECT ANSWER: conforming to a rule , such as specification , policy
, standard or law
Confidentiality - CORRECT ANSWER: WHO can access the data
Containment - CORRECT ANSWER: involves taking steps to ensure that the situation
does not cause any more damage than it already has , or to at least lessen any ongoing
harm
Cross - Site Scripting ( XSS ) - CORRECT ANSWER: an attack carried out by placing
code in the form of a scripting language into a Web page , or other media , that is
interpreted by a client browser , including Adobe Flash animation and some types of
video files
Cryptography - CORRECT ANSWER: the practice of keeping information secure
through the use of codes and ciphers
DDOS - CORRECT ANSWER: a type of cyber attack where an attacker floods a website
or network with so much traffic that it becomes unavailable to legitimate users .
Deep packet inspection - CORRECT ANSWER: analyzing the actual content of the
traffic that is flowing through them
Defense in-Depth - CORRECT ANSWER: using a variety of security measures that will
still achieve a successful defense should one or more of the defensive measures fail
DES - CORRECT ANSWER: a block cipher based on symmetric key cryptography and
uses a 56 - bit key . Not that secured any more .
Detection and Analysis (Identification) - CORRECT ANSWER: detect the occurrence of
an issue and decide whether or not it is actually an incident so that we can respond
appropriately to it .
Digital Signatures - CORRECT ANSWER: ensure that the message was legitimately sent
by the expected party , and to prevent the sender from denying that he or she sent the
message , known as nonrepudiation
Discretionary ( DAC ) - CORRECT ANSWER: owner of resources determines who gets
access and what level
DMZ - CORRECT ANSWER: a layer of protection that separates a device from the rest of
a network and used to host public facing services such as websites .
Elliptic Curve Cryptography ( ECC ) - CORRECT ANSWER: can secure all browser
connections to the Web servers
LATEST VERSION EXAM FREQUENTLY TESTED QUESTIONS
WITH COMPLETE SOLUTIONS
3DES - CORRECT ANSWER: DES used to encrypt each block three times , each with a
different key
Access Control List - CORRECT ANSWER: info about what kind of access certain
parties are allowed to have to a given system
Read , write , execute
Access Control Models - CORRECT ANSWER: Discretionary ( DAC ) Mandatory
( MAC )
Rule - based
Role - based ( RBAC )
Attribute - based ( ABAC )
Accountability - CORRECT ANSWER: Refers to making sure that a person is
responsible for their actions .
-It provides us with the means to trace activities in our environment back to their source
.
-Depends on identification , authentication , and access control being present so that we
can know who a given transaction is associated with , and what permissions were used
to allow them to carry it out .
Acess Control - CORRECT ANSWER: Allowing - lets us give a particular party access to
a given source
Denying - opposite of gaining access
Limiting - allowing some access to our resource , only up to a certain point
Revoking - takes access away from former user
AES - CORRECT ANSWER: uses three different ciphers : one with a 128 - bit key , one
with a 192 - bit key , and one with a 256 - bit key , all having a block length of 128 bits
Asymmetric cryptography - CORRECT ANSWER: a public key and a private key . The
public key is used to encrypt data sent from the sender to the receiver and is shared
with everyone . Private keys are used to decrypt data that arrives at the receiving end
and are very carefully guarded by the receive ( aka the public key cryptography )
Asymmetric Key Algorithms - CORRECT ANSWER: Secure Sockets Layer ( RSA )
Elliptic Curve Cryptography ( ECC )
Pretty Good Privacy ( PGP )
Transport Layer Security ( TLS )
, Attack Types - CORRECT ANSWER: Interception
Interruption
Modification
Fabrication
Attack types and their effect - CORRECT ANSWER: Interception is the ONLY attack
that affects on confidentiality. Interruption, modification, and fabrication affects
integrity and availability because most of the time they're impacting data.
Attribute - based ( ABAC ) - CORRECT ANSWER: based on attributes , such as of a
person , resource , or an environment
Auditing - CORRECT ANSWER: the examination and review of an organization's
records to ensure accountability through technical means .
Authentication - CORRECT ANSWER: verifying that a person is who they claim to be
Authorization - CORRECT ANSWER: what the user can access , modify , and delete
Availability - CORRECT ANSWER: For one's AUTHORIZED to ACCESS data when
needed
BinScope Binary Analyzer - CORRECT ANSWER: examine
a tool developed by Microsoft to
source code for general good practices
Block Cipher - CORRECT ANSWER: takes a predetermined number of bits , known as a
block , in the plaintext message and encrypts that block
Brute Force - CORRECT ANSWER: an attack by submitting password attempts until
eventually guessed correctly
Buffer overflows - CORRECT ANSWER: a vulnerability that occurs when we do not
properly store the size of the data input into our applications , causing the program to
crash and an attacker to take advantage
Certificates - CORRECT ANSWER: link a public key to a particular individual and are
often used as a form of electronic identification for that particular person
Childrens ' Online Privacy Protection Act (COPPA) - CORRECT ANSWER: sets rules
on data collection for children under 13 to protect their online privacy
CIA Triad - CORRECT ANSWER: Confidential - allowing only those authorized to
access the data requested
Integrity - keeping data unaltered in an unauthorized manner and reliable
Availability - the ability for those authorized to access data when needed
, Compliance - CORRECT ANSWER: conforming to a rule , such as specification , policy
, standard or law
Confidentiality - CORRECT ANSWER: WHO can access the data
Containment - CORRECT ANSWER: involves taking steps to ensure that the situation
does not cause any more damage than it already has , or to at least lessen any ongoing
harm
Cross - Site Scripting ( XSS ) - CORRECT ANSWER: an attack carried out by placing
code in the form of a scripting language into a Web page , or other media , that is
interpreted by a client browser , including Adobe Flash animation and some types of
video files
Cryptography - CORRECT ANSWER: the practice of keeping information secure
through the use of codes and ciphers
DDOS - CORRECT ANSWER: a type of cyber attack where an attacker floods a website
or network with so much traffic that it becomes unavailable to legitimate users .
Deep packet inspection - CORRECT ANSWER: analyzing the actual content of the
traffic that is flowing through them
Defense in-Depth - CORRECT ANSWER: using a variety of security measures that will
still achieve a successful defense should one or more of the defensive measures fail
DES - CORRECT ANSWER: a block cipher based on symmetric key cryptography and
uses a 56 - bit key . Not that secured any more .
Detection and Analysis (Identification) - CORRECT ANSWER: detect the occurrence of
an issue and decide whether or not it is actually an incident so that we can respond
appropriately to it .
Digital Signatures - CORRECT ANSWER: ensure that the message was legitimately sent
by the expected party , and to prevent the sender from denying that he or she sent the
message , known as nonrepudiation
Discretionary ( DAC ) - CORRECT ANSWER: owner of resources determines who gets
access and what level
DMZ - CORRECT ANSWER: a layer of protection that separates a device from the rest of
a network and used to host public facing services such as websites .
Elliptic Curve Cryptography ( ECC ) - CORRECT ANSWER: can secure all browser
connections to the Web servers
