2026/2027 | Objective Assessment Test Bank | 300 Actual Exam Questions | Verified Answers | Already Graded A+ | Pass Guaranteed
Domain 1: Security Fundamentals & CIA Triad (Q1-45)
Q1. Which three core principles form the CIA Triad in information security?
A. Control, Integrity, Authentication
B. Confidentiality, Integrity, Availability
C. Cryptography, Identity, Access
D. Compliance, Investigation, Audit
B. Confidentiality, Integrity, Availability [CORRECT]
Rationale: The CIA Triad consists of Confidentiality (preventing unauthorized
disclosure), Integrity (preventing unauthorized modification), and Availability (ensuring
timely access). Options A, C, and D are fabricated or incorrect combinations.
Correct Answer: B
Q2. A hospital encrypts all patient records to prevent unauthorized viewing. Which CIA
Triad principle is primarily addressed?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation
C. Confidentiality [CORRECT]
Rationale: Encryption prevents unauthorized disclosure of data, which directly supports
confidentiality. Option A protects against modification, B ensures accessibility, and D is
a separate security principle not part of the CIA Triad.
Correct Answer: C
Q3. A bank implements digital signatures and checksums on all wire transfer
instructions to ensure transactions are not altered in transit. Which principle is primarily
supported?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
B. Integrity [CORRECT]
Rationale: Digital signatures and checksums detect unauthorized modifications,
ensuring data integrity. Note the practical caveat: an unkeyed checksum only catches
accidental corruption, because an attacker who can alter the message can simply recompute
it; defeating deliberate tampering requires a keyed MAC or a digital signature, whose tag
cannot be recomputed without the key. Option A prevents disclosure, C ensures access, and D
verifies identity but is not the primary CIA principle here.
Correct Answer: B
Q4. A company deploys redundant servers and backup power generators to ensure
systems remain operational during a natural disaster. Which principle is primarily
supported?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
C. Availability [CORRECT]
Rationale: Redundancy and backup power ensure continuous system access and
uptime, supporting availability. Options A and B address other CIA components, and D is
not part of the triad.
Correct Answer: C
Q5. In a military command system, orders must be delivered without alteration even if
the enemy intercepts the communication. Which CIA principle takes highest priority?
A. Confidentiality
B. Integrity
C. Availability
D. All three are equally prioritized
B. Integrity [CORRECT]
Rationale: Military orders must not be modified; integrity is paramount even when
confidentiality cannot be guaranteed (the enemy may read the order but must not be able to
alter it undetected). Option A is secondary here, C is important but less critical than
preventing tampered orders, and D ignores context-dependent prioritization.
Correct Answer: B
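The integrity point behind Q3 and Q5 (a tag that can be recomputed by the interceptor protects nothing) is easy to see in code. The following is an added example, not part of the original test bank; the wire-transfer instruction, the keys and the tampering functions are constructed for illustration. It uses only the Python standard library: SHA-256 stands in for a plain checksum and HMAC-SHA256 for a keyed integrity tag.

```python
import hashlib
import hmac
import secrets

# Constructed sample wire-transfer instruction (illustrative, not real data).
INSTRUCTION = b"PAY 1000.00 USD TO ACCT 12345678 REF 2026-0001"


def checksum(msg: bytes) -> str:
    """Unkeyed hash over the message; anyone holding the message can recompute it."""
    return hashlib.sha256(msg).hexdigest()


def verify_checksum(msg: bytes, tag: str) -> bool:
    return hmac.compare_digest(checksum(msg), tag)


def mac(key: bytes, msg: bytes) -> str:
    """Keyed tag (HMAC-SHA256); recomputing it requires the shared secret key."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, msg: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)


def flip_one_bit(msg: bytes) -> bytes:
    """Accidental corruption: a single bit error in transit."""
    b = bytearray(msg)
    b[0] ^= 0x01
    return bytes(b)


def redirect_payment(msg: bytes) -> bytes:
    """Deliberate tampering: the interceptor rewrites the destination account."""
    return msg.replace(b"ACCT 12345678", b"ACCT 99999999")


def run_scenarios() -> dict:
    """Run each scenario and report whether the receiver detected the change."""
    bank_key = secrets.token_bytes(32)      # shared between sender and bank only
    attacker_key = secrets.token_bytes(32)  # attacker's own key; never equals bank_key

    results = {}

    # 1. Plain checksum against line noise: the corruption is caught.
    tag = checksum(INSTRUCTION)
    results["checksum_catches_bitflip"] = not verify_checksum(flip_one_bit(INSTRUCTION), tag)

    # 2. Plain checksum against an active attacker: the attacker edits the message
    #    and recomputes the checksum, so the bank's check passes and the tampering
    #    goes unnoticed (this key is False: the checksum did NOT catch it).
    forged = redirect_payment(INSTRUCTION)
    results["checksum_catches_tampering"] = not verify_checksum(forged, checksum(forged))

    # 3. HMAC against the same attacker: without bank_key the attacker can neither
    #    reuse the original tag nor compute a valid new one, so the bank rejects it.
    tag = mac(bank_key, INSTRUCTION)
    results["mac_catches_reused_tag"] = not verify_mac(bank_key, forged, tag)
    results["mac_catches_forged_tag"] = not verify_mac(bank_key, forged, mac(attacker_key, forged))

    # 4. The untouched message with its genuine tag still verifies.
    results["mac_accepts_genuine"] = verify_mac(bank_key, INSTRUCTION, tag)
    return results


if __name__ == "__main__":
    for name, detected in run_scenarios().items():
        print(f"{name}: {detected}")
```

Scenario 2 is the one the exam rationale glosses over: the checksum verifies perfectly on the forged instruction, which is exactly why the bank in Q3 needs a keyed construction. A digital signature plays the same role as the HMAC here but with an asymmetric key, so the bank can verify the tag without being able to produce one itself (which is what gives non-repudiation, the separate principle named in Q2's option D). `hmac.compare_digest` is used for both verifications so the comparison time does not leak how many leading bytes of the tag matched.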
Q6. A public news website experiences a DDoS attack that renders it inaccessible.
Which CIA principle is most directly violated?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
C. Availability [CORRECT]
Rationale: DDoS attacks overwhelm systems to deny legitimate access, directly
violating availability. Options A and B are not primarily affected by DDoS, and D is
unrelated.
Correct Answer: C
Q7. Which security control category includes firewalls, encryption, and intrusion
prevention systems?
A. Administrative controls
B. Physical controls
C. Technical controls
D. Operational controls
C. Technical controls [CORRECT]
Rationale: Technical (logical) controls use technology to enforce security, including
firewalls, encryption, and IPS. Option A refers to policies and procedures, B to physical
barriers, and D to operational controls, which (in the NIST management/operational/technical
classification) are procedures carried out by people rather than enforced by technology.
Correct Answer: C
Q8. A company policy requiring employees to complete annual security awareness
training is an example of which control type?
A. Technical control
B. Physical control
C. Administrative control
D. Compensating control
C. Administrative control [CORRECT]
Rationale: Policies, procedures, and training are administrative controls. Option A uses
technology, B uses physical mechanisms, and D is an alternative control put in place when a
primary control cannot be implemented as intended.
Correct Answer: C
Q9. A mantrap that prevents tailgating into a data center is an example of which control
type?
A. Technical control
B. Physical control
C. Administrative control
D. Detective control
B. Physical control [CORRECT]
Rationale: Mantraps are physical barriers restricting facility access. Option A involves
software/hardware logic, C involves policies, and D is a control function rather than a
type.
Correct Answer: B