C836 Questions with Detailed Verified Answers (2025)
1. A type of tool that uses signature matching or anomaly detection (heuristics) to detect malware threats, either in real-time or by performing scans of files and processes - ANSWER anti-malware tool
2. In this method of security, a person's capabilities are oriented around the use of a token that controls their access (e.g. a personal badge) - ANSWER capability-based security
3. A type of attack that is more common in systems that use ACLs rather than capabilities;
- when software has greater permissions than the user, the user can trick the software into misusing its authority - ANSWER confused deputy problem
4. A type of attack that misuses the authority of the browser on the user's computer - ANSWER CSRF (Cross Site Request Forgery)
5. Client-side attack that involves the attacker placing an invisible layer over something on a website that the user would normally click on, in order to execute a command differing from what the user thinks they are performing
- takes advantage of some of the page rendering features that are available in newer browsers - ANSWER clickjacking (user interface redressing)
6. Access control model in which access is determined by the owner of the resource in question
- e.g. network share permissions - ANSWER DAC (Discretionary Access Control)
7. Access is based on the role the individual is performing
- similar to MAC in that access controls are set by an authority responsible for doing so, rather than by the owner of the resource - ANSWER RBAC (Role Based Access Control)
8. Access control model in which access is based on attributes (of a person, a resource, or an environment) - ANSWER ABAC (attribute-based access control)
9. Attributes of a particular individual, such as height - ANSWER subject attributes
10. Attributes that relate to a particular resource, such as operating system or application - ANSWER resource attributes
11. Attributes that relate to environmental conditions, such as time of day or length of time - ANSWER environmental attributes
- Designed to prevent conflicts of interest
- commonly used in industries that handle sensitive data
- 3 main resource classes are considered in this model: objects, company groups, and conflict classes - ANSWER Brewer and Nash model
12. A combination of DAC and MAC, primarily concerned with the confidentiality of the resource.
- 2 security properties define how information can flow to and from the resource: the simple security property and the * property - ANSWER Bell-LaPadula Model
13. Primarily concerned with protecting the integrity of data, even at the expense of confidentiality.
- 2 security rules: the simple integrity axiom and the * integrity axiom - ANSWER Biba model
14. A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating - ANSWER Tailgating
15. Access controls that regulate movement into and out of buildings or facilities - ANSWER Physical access controls
16. An access control model that includes many tiers of security and is used extensively by military and government organizations and those that handle data of a very sensitive nature - ANSWER Multilevel access control model