INFORMATION SECURITY 596 2026
QUESTIONS WITH SOLUTIONS GRADED A+
◉ Compliance. Answer: Requirements that are set forth by laws and
industry regulations.
◉ CIA. Answer: Confidentiality, Integrity, Availability
◉ Confidentiality. Answer: Refers to our ability to protect our data
from those who are not authorized to use/view it
◉ Integrity. Answer: The ability to prevent people from changing
your data in an unauthorized or undesirable manner
◉ Availability. Answer: Refers to the ability to access our data when
we need it
◉ Possession/Control. Answer: refers to the physical disposition of
the media on which the data is stored. (tape examples where some
are encrypted and some are not)
◉ Authenticity. Answer: whether you've attributed the data in
question to the proper owner or creator. (altered email that says it's
from one person when it's not - violation of the authenticity of the
email)
◉ Utility. Answer: refers to how useful the data is to you.
◉ Attacks. Answer: interception, interruption, modification, and
fabrication
◉ Interception. Answer: attacks that allow unauthorized users to
access your data, applications, or environments. Are primarily
attacks against confidentiality
◉ Interruption. Answer: attacks that make your assets unusable or
unavailable to you temporarily or permanently. DoS attack on a mail
server, for example. May also affect integrity
◉ Modification. Answer: attacks that involve tampering with our asset.
Such attacks might primarily be considered an integrity attack but
could also represent an availability attack.
◉ Fabrication. Answer: attacks that involve generating data, processes,
communications, or other similar activities with a system.
Fabrication attacks primarily affect integrity but could be
considered an availability attack as well.
◉ Risk. Answer: is the likelihood that an event will occur. To have
risk there must be a threat and vulnerability.
◉ Threats. Answer: are any events, whether man-made, natural or
environmental, that could cause damage to assets.
◉ Vulnerabilities. Answer: are weaknesses that a threat event or the
threat agent can take advantage of.
◉ Impact. Answer: takes into account the value of the asset being
threatened and uses it to calculate risk
◉ Risk Management Process. Answer: Identify assets, identify
threats, assess vulnerabilities, assess risks, mitigate risks
◉ Defense in Depth. Answer: Using multiple layers of security to
defend your assets.
◉ Controls. Answer: are the ways we protect assets. Three different
types: physical, logical, administrative
◉ Physical Controls. Answer: environment; physical items that
protect assets (think locks, doors, guards, and fences) or
environmental factors (time)
◉ Logical Controls. Answer: Sometimes called technical controls,
these protect the systems, networks, and environments that process,
transmit, and store our data
◉ Administrative Controls. Answer: based on laws, rules, policies,
and procedures, guidelines, and other items that are "paper" in
nature. They are the policies that organizations create for
governance. For example, acceptable use and email use policies.
◉ Preparation. Answer: phase of incident response that consists of all of
the activities that we can perform, in advance of the incident itself, in
order to better enable us to handle it.
◉ Incident Response Process. Answer: 1. Preparation
2. Detection and Analysis (Identification)
3. Containment
4. Eradication
5. Recovery
6. Post-incident activity: document/Lessons learned