12/14/25, 4:42 PM C836 - Fundamentals of Information Security (WGU) Flashcards | Quizlet
Science Computer Science Computer Security and Reliability
C836 - Fundamentals of
Information Security (WGU)
Exam Questions With Correct
Answers
]
C
Terms in this set (186)
Protecting an organization's information and information systems
Information Security from unauthorized access, use, disclosure, disruption,
modification, or destruction.
Requirements that are set forth by laws and
Compliance
industry regulations.
CIA Confidentiality, Integrity, Availability
Refers to our ability to protect our data from those who are not
Confidentiality
authorized to use/view it
The ability to prevent people from changing your data in an
Integrity
unauthorized or undesirable manner
Availability Refers to the ability to access our data when we need it
refers to the physical disposition of the media on which the data
Possession/Control is stored. (tape examples where some are encrypted and some
are not)
whether you've attributed the data in question to the proper
Authenticity owner or creator. (altered email that says it's from one person
when it's not - violation of the authenticity of the email)
Utility refers to how useful the data is to you.
interception, interruption, modification, and
Attacks
fabrication
attacks that allow unauthorized users to access your data,
Interception applications, or environments. Are primarily attacks against
confidentiality
attacks that make your assets unusable or unavailable to you
Interruption temporarily or permanently. DoS attack on a mail server, for
example. May also affect integrity
https://quizlet.com/715015910/c836-fundamentals-of-information-security-wgu-flash-cards/ 1/20
,12/14/25, 4:42 PM C836 - Fundamentals of Information Security (WGU) Flashcards | Quizlet
attacks involve tampering with our asset. Such attacks might
Modification primarily be considered an integrity attack but could also
represent an availability attack.
attacks involve generating data, processes, communications, or
other similar activities with a system. Fabrication attacks primarily
Fabrication
affect integrity but could be considered an availability attack as
well.
is the likelihood that an event will occur. To have risk there must
Risk be a
threat and vulnerability.
are any events being man-made, natural or environmental that
Threats
could cause damage to assets.
are a weakness that a threat event or the threat agent can take
Vulnerabilities
advantage of.
takes into account the value of the asset being threatened and
Impact
uses it to calculate risk
Identify assets, identify threats, assess vulnerabilities, assess risks,
Risk Management Process
mitigate risks
Defense in Depth Using multiple layers of security to defend your assets.
are the ways we protect assets. Three different types: physical,
Controls
logical, administrative
environment; physical items that protect assets think locks, doors,
Physical Controls
guards, and, fences or environmental factors (time)
Sometimes called technical controls, these protect the systems,
Logical Controls networks, and environments that process, transmit, and store our
data
based on laws, rules, policies, and procedures, guidelines, and
other items that are "paper" in nature. They are the policies that
Administrative Controls
organizations create for governance. For example, acceptable
use and email use policies.
phase of incident response consists of all of the activities that we
Preparation can perform, in advance of the incident itself, in order to better
enable us to handle it.
1. Preparation
2. Detection and Analysis (Identification)
3. Containment
Incident Response Process
4. Eradication
5. Recovery
6. Post-incident activity: document/Lessons learned
where the action begins to happen in our incident response
process. In this phase, we will detect the occurrence of an issue
Detection & Analysis
and decide whether or not it is actually an incident, so that we
can respond appropriately to it.
involves taking steps to ensure that the situation does not cause
Containment any more damage than it already has, or to at least lessen any
ongoing harm.
Eradication attempt to remove the effects of the issue from our environment.
https://quizlet.com/715015910/c836-fundamentals-of-information-security-wgu-flash-cards/ 2/20
, 12/14/25, 4:42 PM C836 - Fundamentals of Information Security (WGU) Flashcards | Quizlet
restoring devices or data to pre-incident state (rebuilding
Recovery
systems, reloading applications, backup media, etc.)
determine specifically what happened, why it happened, and
Post-incident activity
what we can do to keep it from happening again. (postmortem).
Identity who or what we claim to be. Simply an assertion.
the act of providing who or what we claim to be. More
Authentication technically, the set of methods used to establish whether a claim
is true
simply verifies status of ID. For example, showing your driver's
Verification
license at a bar. "Half-step" between identity and authentication
• Something you know: Username/Password/Pin
• Something you have: ID badge/swipe card/OTP
Five Different Types of
• Something you are: Fingerprint/Iris/Retina scan
Authentication
• Somewhere you are: Geolocation
• Something you do: Handwriting/typing/walking
Single-factor authentication only using one type of authentication
using two different factors of authentication (2 of the same factor
Dual-factor authentication
does not count )
Use of several (more than two) authentication techniques
Multi-factor authentication together, such as passwords and security tokens, and
geolocation.
process where the session is
Mutual Authentication
authenticated on both ends and just one end.
Mutual authentication prevents man-in-the-middle attacks
what kind of attacks?
Using a password for access is Something you know
what kind of authentication
An iris-scan for access is what Something you are
kind of authentication
Using a security key-fob for Something you have
access is what kind of
authentication
Using biometrics are what kind Something you are
of authentication
For biometric authentication one universality, permanence, collectibility, performance,
must consider acceptability, and circumvention
The level of authorization what a user can access, modify, and delete
dictates
The process of determining exactly what an authenticated party
Authorization
can do
The principle that you should only give a party the bare minimum
Principle of Least Privilege
level of access it needs to perform its job/functionality
tools and systems used to allow or deny access, limit access, or
Access Controls are
revoke access
Access controls can be based physical attributes, sets of rules, lists of individuals or systems, or
on other, more complex factors
https://quizlet.com/715015910/c836-fundamentals-of-information-security-wgu-flash-cards/ 3/20
Science Computer Science Computer Security and Reliability
C836 - Fundamentals of
Information Security (WGU)
Exam Questions With Correct
Answers
]
C
Terms in this set (186)
Protecting an organization's information and information systems
Information Security from unauthorized access, use, disclosure, disruption,
modification, or destruction.
Requirements that are set forth by laws and
Compliance
industry regulations.
CIA Confidentiality, Integrity, Availability
Refers to our ability to protect our data from those who are not
Confidentiality
authorized to use/view it
The ability to prevent people from changing your data in an
Integrity
unauthorized or undesirable manner
Availability Refers to the ability to access our data when we need it
refers to the physical disposition of the media on which the data
Possession/Control is stored. (tape examples where some are encrypted and some
are not)
whether you've attributed the data in question to the proper
Authenticity owner or creator. (altered email that says it's from one person
when it's not - violation of the authenticity of the email)
Utility refers to how useful the data is to you.
interception, interruption, modification, and
Attacks
fabrication
attacks that allow unauthorized users to access your data,
Interception applications, or environments. Are primarily attacks against
confidentiality
attacks that make your assets unusable or unavailable to you
Interruption temporarily or permanently. DoS attack on a mail server, for
example. May also affect integrity
https://quizlet.com/715015910/c836-fundamentals-of-information-security-wgu-flash-cards/ 1/20
,12/14/25, 4:42 PM C836 - Fundamentals of Information Security (WGU) Flashcards | Quizlet
attacks involve tampering with our asset. Such attacks might
Modification primarily be considered an integrity attack but could also
represent an availability attack.
attacks involve generating data, processes, communications, or
other similar activities with a system. Fabrication attacks primarily
Fabrication
affect integrity but could be considered an availability attack as
well.
is the likelihood that an event will occur. To have risk there must
Risk be a
threat and vulnerability.
are any events being man-made, natural or environmental that
Threats
could cause damage to assets.
are a weakness that a threat event or the threat agent can take
Vulnerabilities
advantage of.
takes into account the value of the asset being threatened and
Impact
uses it to calculate risk
Identify assets, identify threats, assess vulnerabilities, assess risks,
Risk Management Process
mitigate risks
Defense in Depth Using multiple layers of security to defend your assets.
are the ways we protect assets. Three different types: physical,
Controls
logical, administrative
environment; physical items that protect assets think locks, doors,
Physical Controls
guards, and, fences or environmental factors (time)
Sometimes called technical controls, these protect the systems,
Logical Controls networks, and environments that process, transmit, and store our
data
based on laws, rules, policies, and procedures, guidelines, and
other items that are "paper" in nature. They are the policies that
Administrative Controls
organizations create for governance. For example, acceptable
use and email use policies.
phase of incident response consists of all of the activities that we
Preparation can perform, in advance of the incident itself, in order to better
enable us to handle it.
1. Preparation
2. Detection and Analysis (Identification)
3. Containment
Incident Response Process
4. Eradication
5. Recovery
6. Post-incident activity: document/Lessons learned
where the action begins to happen in our incident response
process. In this phase, we will detect the occurrence of an issue
Detection & Analysis
and decide whether or not it is actually an incident, so that we
can respond appropriately to it.
involves taking steps to ensure that the situation does not cause
Containment any more damage than it already has, or to at least lessen any
ongoing harm.
Eradication attempt to remove the effects of the issue from our environment.
https://quizlet.com/715015910/c836-fundamentals-of-information-security-wgu-flash-cards/ 2/20
, 12/14/25, 4:42 PM C836 - Fundamentals of Information Security (WGU) Flashcards | Quizlet
restoring devices or data to pre-incident state (rebuilding
Recovery
systems, reloading applications, backup media, etc.)
determine specifically what happened, why it happened, and
Post-incident activity
what we can do to keep it from happening again. (postmortem).
Identity who or what we claim to be. Simply an assertion.
the act of providing who or what we claim to be. More
Authentication technically, the set of methods used to establish whether a claim
is true
simply verifies status of ID. For example, showing your driver's
Verification
license at a bar. "Half-step" between identity and authentication
• Something you know: Username/Password/Pin
• Something you have: ID badge/swipe card/OTP
Five Different Types of
• Something you are: Fingerprint/Iris/Retina scan
Authentication
• Somewhere you are: Geolocation
• Something you do: Handwriting/typing/walking
Single-factor authentication only using one type of authentication
using two different factors of authentication (2 of the same factor
Dual-factor authentication
does not count )
Use of several (more than two) authentication techniques
Multi-factor authentication together, such as passwords and security tokens, and
geolocation.
process where the session is
Mutual Authentication
authenticated on both ends and just one end.
Mutual authentication prevents man-in-the-middle attacks
what kind of attacks?
Using a password for access is Something you know
what kind of authentication
An iris-scan for access is what Something you are
kind of authentication
Using a security key-fob for Something you have
access is what kind of
authentication
Using biometrics are what kind Something you are
of authentication
For biometric authentication one universality, permanence, collectibility, performance,
must consider acceptability, and circumvention
The level of authorization what a user can access, modify, and delete
dictates
The process of determining exactly what an authenticated party
Authorization
can do
The principle that you should only give a party the bare minimum
Principle of Least Privilege
level of access it needs to perform its job/functionality
tools and systems used to allow or deny access, limit access, or
Access Controls are
revoke access
Access controls can be based physical attributes, sets of rules, lists of individuals or systems, or
on other, more complex factors
https://quizlet.com/715015910/c836-fundamentals-of-information-security-wgu-flash-cards/ 3/20
