Information Security Exam | Questions and Correct Answers | Western Governors University | Just Released
A particularly complex and impactful item of malware that targeted the
Supervisory Control and Data Acquisition (SCADA) systems that run various
industrial processes; this piece of malware raised the bar for malware from largely
being a virtual-based attack to actually being physically destructive
---------CORRECT ANSWER-----------------stuxnet
A type of tool that uses signature matching or anomaly detection (heuristics) to
detect malware threats, either in real-time or by performing scans of files and
processes ---------CORRECT ANSWER-----------------anti-malware tool
The process of anomaly detection used by anti-malware tools to detect malware
without signatures ---------CORRECT ANSWER-----------------heuristics
A hardware and software-based technology that prevents certain portions of the
memory used by the operating system and applications from being used to
execute code ---------CORRECT ANSWER-----------------executable space protection
The act of inputting more data than an application is expecting from a particular
input, creating the possibility of executing commands by specifically crafting the
excess data ---------CORRECT ANSWER-----------------buffer overflow (overrun)
A security method that involves shifting the contents of memory around to make
tampering difficult ---------CORRECT ANSWER-----------------ASLR (Address Space
Layout Randomization)
This type of firewall generally contains a subset of the features on a large firewall
appliance but is often capable of similar packet filtering and stateful packet
inspection activities ---------CORRECT ANSWER-----------------software firewall
A system used to analyze the activities on or directed at the network interface of
a particular host.
* may communicate with management device by sending regular beacons
---------CORRECT ANSWER-----------------HIDS (host-based intrusion detection system)
A type of tool that can detect various security flaws when examining hosts
---------CORRECT ANSWER-----------------scanner
A tool that is aimed specifically at the task of finding and reporting network
services on hosts that have known vulnerabilities
---------CORRECT ANSWER-----------------vulnerability assessment tool
A well-known vulnerability assessment tool that includes a port scanner
---------CORRECT ANSWER-----------------Nessus
The 1st Law of Haas' Laws of Operations Security
---------CORRECT ANSWER-----------------If you don't know the threat, how do you know what to protect?
The 2nd Law of Haas' Laws of Operations Security
---------CORRECT ANSWER-----------------If you don't know what to protect, how do you know you are protecting it?
The 3rd Law of Haas' Laws of Operations Security
---------CORRECT ANSWER-----------------If you are not protecting it, the dragon wins!
Services that are hosted, often over the Internet, for the purposes of delivering
easily scaled computing services or resources
---------CORRECT ANSWER-----------------cloud computing
1st step in the OPSEC process, arguably the most important: to identify the assets
that most need protection and will cause us the most harm if exposed
---------CORRECT ANSWER-----------------identification of critical information
2nd step in the OPSEC process: to look at the potential harm or financial impact
that might be caused by critical information being exposed, and who might
exploit that exposure ---------CORRECT ANSWER-----------------analysis of threats
3rd step in the OPSEC process: to look at the weaknesses that can be used to
harm us ---------CORRECT ANSWER-----------------analysis of vulnerabilities
4th step in the OPSEC process: to determine what issues we really need to be
concerned about (areas with matching threats and vulnerabilities)
---------CORRECT ANSWER-----------------assessment of risks
5th step in the OPSEC process: to put measures in place to mitigate risks
---------CORRECT ANSWER-----------------appliance of countermeasures
This law provides a framework for ensuring the effectiveness of information
security controls in federal government
- changed from Management (2002) to Modernization in 2014
---------CORRECT ANSWER-----------------FISMA (Federal Information Security Modernization Act)