SECURITY EXAM OBJECTIVE ASSESSMENT
NEWEST 2026/2027 TEST BANK ACTUAL EXAM
300 QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) | ALREADY GRADED A+
Which type of access control policy should be
implemented?
A Mandatory
B Physical
C Discretionary
D Attribute-based - ...ANSWER...D
A new software development company has
determined that one of its proprietary
algorithms is at a high risk for unauthorized
disclosure. The company's security up to this
point has been fairly lax.
Which procedure should the company implement
to protect this asset?
A Transfer the algorithm onto servers in the
demilitarized zone.
B Store the algorithm on highly available
servers.
C Relocate the algorithm to encrypted storage.
D Create multiple off-site backups of the
algorithm. -
...ANSWER...C
An accounting firm stores financial data for
many customers. The company policy requires
that employees only access data for customers
they are assigned to. The company implements
a written policy indicating an employee can be
fired for violating this requirement.
Which type of control has the company
implemented?
A Deterrent
B Active
C Preventive
D Detective - ...ANSWER...A
A Implement account auditing.
B Remove unneeded services.
C Restrict account permissions.
D Remove unnecessary software. -
...ANSWER...C
A company implements an Internet-facing web
server for its sales force to review product
information. The sales force can also update its
profiles and profile photos, but not the product
information. There is no other information on
this server.
A Read and limited write access
B Read and write access
C Limited write access only
D Limited read access only - ...ANSWER...A
How can the principle of least privilege be
applied to limit access to confidential personnel
records?
A Only allow access to those with elevated
security permissions.
B Only allow access to department heads and
executives.
C Only allow access to those who need access
to perform their job.
D Only allow access to those who work in the
human resources department. - ...ANSWER...C
A user runs an application that has been
infected with malware that is less than 24 hours
old. The malware then infects the operating
system.
Which safeguard should be implemented to
prevent this type of attack?
C Modify the default user accounts.
D Limit user account privileges. - ...ANSWER...D
A company was the victim of a security breach
resulting in stolen user credentials. An attacker
used a stolen username and password to log in
to an employee email account.
Which security practice could have reduced the
post-breach impact of this event?
A Multi-factor authentication
B Operating system hardening
C Network segmentation
D Mutual authentication - ...ANSWER...A
A module in a security awareness course shows
a user making use of two-factor authentication
using a hardware token.
Which security failure is being addressed by this
training module?
A Tailgating
B Pretexting
C Malware infections
D Weak passwords - ...ANSWER...D
Which tool should an application developer use
to help identify input validation vulnerabilities?
A scanner