(2025/2026) Assessment for WGU D430
fundamentals of information security Exam
with Questions and Verified Rationalized Answers 100% Pass Score
1. Information security: protecting data, software, and hardware secure against unauthor
v v v v v v v v v
ized access, use, disclosure, disruption, modification, or destruction.
v v v v v v v
2. Compliance: The requirements that are set forth by laws and industry regula- tions.
v v v v v v v v v v v v
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA-
v v v v v v v v
federal government agencies
v v v
3. DAD Triad: Disclosure, alteration, and denial
v v v v v
4. CIA Triad: The core model of all information security concepts. Confidential, integrity
v v v v v v v v v v v v
and availability
v
5. Confidential: Ability to protect our data from those who are not authorized to view it.
v v v v v v v v v v v v v v
6. What ways can confidentiality be compromised?: - lose a personal laptop with data
v v v v v v v v v v v v
- Person can view your password you are entering in
v v v v v v v v
- Send an email attachment to the wrong person.
v v v v v v v
- Attacker can penetrate your systems.......... etc.
v v v v
7. integrity: Keeping data unaltered by accidental or malicious intent
v v v v v v v v
8. How to maintain integrity?: Prevent unauthorized changes to the data and the ability to r
v v v v v v v v v v v v v v
everse unwanted authorized changes.
v v v
Via system/file permissions or Undo/Roll back undesirable changes.
v v v v v v v
1v/v37
,9. Availability: The ability to access data when needed
v v v v v v v
10. Ways Availability can be compromised: - Power loss
v v v v v v v
- Application issues v
- Network attacks v
- System compromised (DoS)
v v
11. Denial of Service (DoS): Security problem in which users are not able to access an inform
v v v v v v v v v v v v v v v
ation system; can be caused by human errors, natural disaster, or malicious activity.
v v v v v v v v v v v v
12. Parkerian hexad model: A model that adds three more principle triad: s to the CIA
v v v v v v v v v v
v v v
Possession/Control U v
tility
Authenticity
13. Possession/ control: Refers to the physical disposition of the media on which the data i
v v v v v v v v v v v v v v
s stored; This allows you to discuss loss of data via its physical medium.
v v v v v v v v v v v v v
2v/v37
,14. Principle of Possession example: Lost package (encrypted USB's and unen-
v v v v v v v v v
v crypted USB's) v
possession is an issue because the tapes are physically lost.
v v v v v v v v v
(Unencrypted is compromised via confidentiality and possession; encrypted is com-
v v v v v v v v v
v promised only via possession). v v v
15. Principle of Authenticity: Allows you to say whether you've attributed the data in questi
v v v v v v v v v v v v v
on to the proper owner/creator.
v v v v
16. Ways authenticity can be compromised: Sending an email but altering the message
v v v v v v v v v v v v
to look like it came from someone else, than the original one that was sent.
v v v v v v v v v v v v v v
17. Utility: How useful the data is to you. v v v v v v v
Ex. Unencrypted (a lot of utility) Encrypted (little utility).
v v v v v v v v
18. Security Attacks: Broken down from the type of attack, risk the attack repre-
v v v v v v v v v v v v
v sents, and controls you might use to mitigate it.
v v v v v v v v
19. Types of attacks: 1- interceptionv v v v
2- interruption
3- modification
4- fabrication
20. Interception: Attacks allows unauthorized users to access our data, applica- v v v v v v v v v
v tions, or environments.
v v
Primarily an attack against confidentiality
v v v v
21. Interception Attack Examples: Unauthorized file viewing, copying, eavesdrop-
v v v v v v v
3v/v37
, v ping on phone conversations, reading someone's emails.
v v v v v v
22. Interruption: Attacks cause our assets to become unstable or unavailable for our use,
v v v v v v v v v v v v v
on a temporary or permanent basis.
v v v v v
This attack affects availability but can also attack integrity
v v v v v v v v
23. Interruption Attack Examples: DoS attack on a mail server; availability attack
v v v v v v v v v v
Attacker manipulates the processes on which a database runs to prevent access; integrity at
v v v v v v v v v v v v v
ack.
Could also be a combo of both.
v v v v v v
24. Modification: Attacks involve tampering with our asset.v v v v v v
4v/v37
fundamentals of information security Exam
with Questions and Verified Rationalized Answers 100% Pass Score
1. Information security: protecting data, software, and hardware secure against unauthor
v v v v v v v v v
ized access, use, disclosure, disruption, modification, or destruction.
v v v v v v v
2. Compliance: The requirements that are set forth by laws and industry regula- tions.
v v v v v v v v v v v v
IE: HIPPA/ HITECH- healthcare, PCI/DSS- payment card industry, FISMA-
v v v v v v v v
federal government agencies
v v v
3. DAD Triad: Disclosure, alteration, and denial
v v v v v
4. CIA Triad: The core model of all information security concepts. Confidential, integrity
v v v v v v v v v v v v
and availability
v
5. Confidential: Ability to protect our data from those who are not authorized to view it.
v v v v v v v v v v v v v v
6. What ways can confidentiality be compromised?: - lose a personal laptop with data
v v v v v v v v v v v v
- Person can view your password you are entering in
v v v v v v v v
- Send an email attachment to the wrong person.
v v v v v v v
- Attacker can penetrate your systems.......... etc.
v v v v
7. integrity: Keeping data unaltered by accidental or malicious intent
v v v v v v v v
8. How to maintain integrity?: Prevent unauthorized changes to the data and the ability to r
v v v v v v v v v v v v v v
everse unwanted authorized changes.
v v v
Via system/file permissions or Undo/Roll back undesirable changes.
v v v v v v v
1v/v37
,9. Availability: The ability to access data when needed
v v v v v v v
10. Ways Availability can be compromised: - Power loss
v v v v v v v
- Application issues v
- Network attacks v
- System compromised (DoS)
v v
11. Denial of Service (DoS): Security problem in which users are not able to access an inform
v v v v v v v v v v v v v v v
ation system; can be caused by human errors, natural disaster, or malicious activity.
v v v v v v v v v v v v
12. Parkerian hexad model: A model that adds three more principle triad: s to the CIA
v v v v v v v v v v
v v v
Possession/Control U v
tility
Authenticity
13. Possession/ control: Refers to the physical disposition of the media on which the data i
v v v v v v v v v v v v v v
s stored; This allows you to discuss loss of data via its physical medium.
v v v v v v v v v v v v v
2v/v37
,14. Principle of Possession example: Lost package (encrypted USB's and unen-
v v v v v v v v v
v crypted USB's) v
possession is an issue because the tapes are physically lost.
v v v v v v v v v
(Unencrypted is compromised via confidentiality and possession; encrypted is com-
v v v v v v v v v
v promised only via possession). v v v
15. Principle of Authenticity: Allows you to say whether you've attributed the data in questi
v v v v v v v v v v v v v
on to the proper owner/creator.
v v v v
16. Ways authenticity can be compromised: Sending an email but altering the message
v v v v v v v v v v v v
to look like it came from someone else, than the original one that was sent.
v v v v v v v v v v v v v v
17. Utility: How useful the data is to you. v v v v v v v
Ex. Unencrypted (a lot of utility) Encrypted (little utility).
v v v v v v v v
18. Security Attacks: Broken down from the type of attack, risk the attack repre-
v v v v v v v v v v v v
v sents, and controls you might use to mitigate it.
v v v v v v v v
19. Types of attacks: 1- interceptionv v v v
2- interruption
3- modification
4- fabrication
20. Interception: Attacks allows unauthorized users to access our data, applica- v v v v v v v v v
v tions, or environments.
v v
Primarily an attack against confidentiality
v v v v
21. Interception Attack Examples: Unauthorized file viewing, copying, eavesdrop-
v v v v v v v
3v/v37
, v ping on phone conversations, reading someone's emails.
v v v v v v
22. Interruption: Attacks cause our assets to become unstable or unavailable for our use,
v v v v v v v v v v v v v
on a temporary or permanent basis.
v v v v v
This attack affects availability but can also attack integrity
v v v v v v v v
23. Interruption Attack Examples: DoS attack on a mail server; availability attack
v v v v v v v v v v
Attacker manipulates the processes on which a database runs to prevent access; integrity at
v v v v v v v v v v v v v
ack.
Could also be a combo of both.
v v v v v v
24. Modification: Attacks involve tampering with our asset.v v v v v v
4v/v37
