8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
C836 - Fundamentals of Information Security
(WGU)/WGU C836 - FUNDAMENTALS OF
INFORMATION SECURITY LATEST EXAM
QUESTIONS AND ANSWERS
Sometimes called technical Logical Controls
controls, these protect the
systems, networks, and
environments that process,
transmit, and store our
data
based on laws, rules, policies, Administrative Controls
and
procedures, guidelines, and
other items that are "paper"
in nature. They are the
policies that organizations
create for
governance. For example,
acceptable use and email
use policies.
phase of incident response Preparation
consists of all of the
activities that we can
perform, in advance of the
incident itself, in order to
better enable us to
handle it.
… 1/64
,8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
1. Preparation Incident Response Process
2. Detection and Analysis
(Identification)
3. Containment
4. Eradication
5. Recovery
6. Post-incident activity:
document/Lessons learned
where the action begins to Detection & Analysis
happen in our incident
response process. In this
phase, we will detect the
occurrence of an issue and
decide whether or not it is
actually an incident, so
that we can respond
appropriately to it.
involves taking steps to ensure Containment
that the
situation does not cause any
more damage than it already
has, or to at least lessen any
ongoing harm.
attempt to remove the effects Eradication
of the issue from our
environment.
restoring devices or data to Recovery
pre-incident state
(rebuilding systems,
reloading
applications, backup media,
etc.)
determine specifically what Post-incident activity
happened, why it happened,
and what we can do to keep
it from happening again.
(postmortem).
who or what we claim to be. Identity
Simply an assertion.
… 2/64
,8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
the act of providing who or Authentication
what we claim to be. More
technically, the set of
methods used to establish
whether a claim is true
simply verifies status of ID. Verification
For example, showing your
driver's license at a bar. "Half-
step" between identity and
authentication
• Something Five Different Types of Authentication
you know:
Username/Pass
word/Pin
• Something you have: ID
badge/swipe card/OTP
• Something you are:
Fingerprint/Iris/Retina scan
• Somewhere you are:
Geolocation
• Something you
do:
Handwriting/typin
g/walking
only using one type of Single-factor authentication
authentication
using two different factors of Dual-factor authentication
authentication (2 of the
same factor does not
count )
Use of several (more than Multi-factor authentication
two)
authentication techniques
together, such as passwords
and security tokens, and
geolocation.
process where the session is Mutual Authentication
authenticated on both ends
and just one end.
… 3/64
, 8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
man-in-the-middle attacks Mutual authentication prevents what kind of attacks?
Something you know Using a password for access is what kind of authentication
Something you are An iris-scan for access is what kind of authentication
Something you have Using a security key-fob for access is what kind of authentication
Something you are Using biometrics are what kind of authentication
universality, permanence, For biometric authentication one must consider
collectibility, performance,
acceptability, and
circumvention
what a user can access, The level of authorization dictates
modify, and delete
The process of determining Authorization
exactly what an
authenticated party can
do
The principle that you Principle of Least Privilege
should only give a party
the bare minimum level of
access it needs to
perform its
job/functionality
tools and systems used to Access Controls are
allow or deny access, limit
access, or revoke access
physical attributes, sets of Access controls can be based on
rules, lists of individuals or
systems, or other, more
complex factors
are lists containing Access control lists (ACLs)
information about what kind
of access certain parties
are allowed to have to a
given system.
read, write, and execute Access control lists generally list which three kinds of permissions
filter access based on Network ACLs
indentifers used for network
transactions, such as
… 4/64
C836 - Fundamentals of Information Security
(WGU)/WGU C836 - FUNDAMENTALS OF
INFORMATION SECURITY LATEST EXAM
QUESTIONS AND ANSWERS
Sometimes called technical Logical Controls
controls, these protect the
systems, networks, and
environments that process,
transmit, and store our
data
based on laws, rules, policies, Administrative Controls
and
procedures, guidelines, and
other items that are "paper"
in nature. They are the
policies that organizations
create for
governance. For example,
acceptable use and email
use policies.
phase of incident response Preparation
consists of all of the
activities that we can
perform, in advance of the
incident itself, in order to
better enable us to
handle it.
… 1/64
,8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
1. Preparation Incident Response Process
2. Detection and Analysis
(Identification)
3. Containment
4. Eradication
5. Recovery
6. Post-incident activity:
document/Lessons learned
where the action begins to Detection & Analysis
happen in our incident
response process. In this
phase, we will detect the
occurrence of an issue and
decide whether or not it is
actually an incident, so
that we can respond
appropriately to it.
involves taking steps to ensure Containment
that the
situation does not cause any
more damage than it already
has, or to at least lessen any
ongoing harm.
attempt to remove the effects Eradication
of the issue from our
environment.
restoring devices or data to Recovery
pre-incident state
(rebuilding systems,
reloading
applications, backup media,
etc.)
determine specifically what Post-incident activity
happened, why it happened,
and what we can do to keep
it from happening again.
(postmortem).
who or what we claim to be. Identity
Simply an assertion.
… 2/64
,8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
the act of providing who or Authentication
what we claim to be. More
technically, the set of
methods used to establish
whether a claim is true
simply verifies status of ID. Verification
For example, showing your
driver's license at a bar. "Half-
step" between identity and
authentication
• Something Five Different Types of Authentication
you know:
Username/Pass
word/Pin
• Something you have: ID
badge/swipe card/OTP
• Something you are:
Fingerprint/Iris/Retina scan
• Somewhere you are:
Geolocation
• Something you
do:
Handwriting/typin
g/walking
only using one type of Single-factor authentication
authentication
using two different factors of Dual-factor authentication
authentication (2 of the
same factor does not
count )
Use of several (more than Multi-factor authentication
two)
authentication techniques
together, such as passwords
and security tokens, and
geolocation.
process where the session is Mutual Authentication
authenticated on both ends
and just one end.
… 3/64
, 8/11/25, 3:16 PM C836 - Fundamentals of Information Security (WGU)/WGU C836 - FUNDAMENTALS OF INFORMATION SECURITY LATEST EXA…
man-in-the-middle attacks Mutual authentication prevents what kind of attacks?
Something you know Using a password for access is what kind of authentication
Something you are An iris-scan for access is what kind of authentication
Something you have Using a security key-fob for access is what kind of authentication
Something you are Using biometrics are what kind of authentication
universality, permanence, For biometric authentication one must consider
collectibility, performance,
acceptability, and
circumvention
what a user can access, The level of authorization dictates
modify, and delete
The process of determining Authorization
exactly what an
authenticated party can
do
The principle that you Principle of Least Privilege
should only give a party
the bare minimum level of
access it needs to
perform its
job/functionality
tools and systems used to Access Controls are
allow or deny access, limit
access, or revoke access
physical attributes, sets of Access controls can be based on
rules, lists of individuals or
systems, or other, more
complex factors
are lists containing Access control lists (ACLs)
information about what kind
of access certain parties
are allowed to have to a
given system.
read, write, and execute Access control lists generally list which three kinds of permissions
filter access based on Network ACLs
indentifers used for network
transactions, such as
… 4/64
