EXAM 2025 | 160 QUESTIONS WITH ACCURATE SOLUTIONS
1. This authentication factor requires the user to know something to prove
their identity. Examples include a password or PIN.
Something you do
Something you are
Something you know
Something you have
2. What is the main theoretical basis for RSA's security?
Factoring large numbers
Euclid's algorithm
Modular arithmetic
Primality testing
3. Which type of tool bombards our application with data and inputs from a
wide variety of sources in an attempt to cause the application to fail or
behave unexpectedly?
Scanners
Exploit frameworks
Fuzzers
Vulnerability assessment tools
Web application analysis tools
4. In your own words, explain the significance of HIPAA in the context of
cybersecurity for health care organizations.
HIPAA is significant because it allows health care organizations to
share patient data freely.
HIPAA is significant because it eliminates the need for data protection
strategies.
HIPAA is significant because it mandates that health care
organizations implement measures to ensure the confidentiality and
integrity of personal health information, thereby protecting patient
data from unauthorized access and breaches.
HIPAA is significant because it focuses solely on data availability.
5. Which of the following is the best description of the defense-in-depth
strategy?
Fully securing the most important resources first
Using multiple layers of security controls to protect resources
Staying current on as many known attacks as possible
Hiding protected resources behind multiple firewalls
6. Describe how Nmap can be utilized in a cybersecurity audit.
Nmap generates compliance reports for regulatory standards.
Nmap monitors user activity to prevent unauthorized access.
Nmap can be used to identify open ports and services on a network,
helping auditors assess vulnerabilities.
Nmap encrypts data to ensure secure communications during audits.
7. Describe how multilevel access control is utilized in sensitive industries
such as the military and medical fields.
It focuses on monitoring user activity rather than controlling access.
It is primarily used for data encryption purposes.
It allows all users to access all data without restrictions.
Multilevel access control is used to manage and restrict access to
sensitive data based on different clearance levels.
8. What is the primary focus of Haase's Laws in relation to cybersecurity?
Implementing encryption standards
Ensuring data availability
Conducting regular audits
Knowing what to protect
9. Describe how ECC utilizes points on a curve for encryption and key
exchange.
ECC uses random number generation for key exchange.
ECC uses mathematical properties of elliptic curves to create public
and private keys for secure communication.
ECC employs symmetric key algorithms for data protection.
ECC relies on linear algebra to generate keys for encryption.
10. Companies that must comply with the requirements of the
Sarbanes-Oxley Act (SOX) include all:
companies that trade on U.S. stock exchanges.
state and local government units in the U.S.
foreign companies that trade on U.S. stock exchanges.
all U.S. companies, both privately held and publicly traded.