WGU D430 Fundamentals of Information Security OA
Actual Exam 2026 | Questions with Verified Answers |
100% Correct | Pass Guaranteed
SECTION 1: Security Concepts & Governance
Q1: Which component of the CIA triad ensures that information has not been altered in an unauthorized manner?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: B
Rationale: Integrity guarantees that data remains accurate and unmodified except by authorized users; hash comparisons and digital signatures are common controls. Confidentiality (A) protects against unauthorized disclosure, Availability (C) ensures timely access, and Non-repudiation (D) prevents denial of actions but does not directly address alteration.
Q2: A hospital needs to comply with a U.S. regulation that mandates administrative, physical, and technical safeguards for protected health information. Which standard or law applies?
A. SOX
B. HIPAA
C. FERPA
D. PCI-DSS
Correct Answer: B
Rationale: HIPAA’s Security Rule specifically requires those three safeguard categories for PHI. SOX (A) governs financial reporting, FERPA (C) covers student records, and PCI-DSS (D) applies to cardholder data.
Q3: During a qualitative risk assessment, a team rates the likelihood of a threat as “High” and the impact as “Low.” According to NIST SP 800-30, what is the resulting risk level?
A. Very High
B. High
C. Moderate
D. Low
Correct Answer: C
Rationale: NIST’s qualitative risk matrix typically maps High/Low to Moderate risk; Very High (A) and High (B) require both factors to be high, while Low (D) would need both to be low or likelihood very low.
Q4: Which document expresses the high-level management intent for information security, provides authority, and is mandatory for all employees?
A. Procedure
B. Standard
C. Policy
D. Guideline
Correct Answer: C
Rationale: A security policy is the top-tier governance document that states management’s position and is enforceable. Standards (B) specify mandatory requirements for implementation, procedures (A) give step-by-step instructions, and guidelines (D) are recommendations.
Q5: A company adopts COBIT 2019 to integrate security into IT governance. Which process domain primarily focuses on ensuring that IT risk is managed and aligned with business risk appetite?
A. APO – Align, Plan & Organize
B. BAI – Build, Acquire & Implement
C. DSS – Deliver, Service & Support
D. MEA – Monitor, Evaluate & Assess
Correct Answer: A
Rationale: The APO domain includes the risk management processes that set governance frameworks and align IT risk with enterprise risk. BAI (B) covers solution delivery, DSS (C) covers operations, and MEA (D) covers performance monitoring but not initial risk alignment.