70+ (2025–2026 Full Exam Kit) | Solved Q&A
The WGU D430 Fundamentals of Information Security Exam (2025–2026 Edition)
is a verified and comprehensive Q&A resource designed to help students master essential
cybersecurity concepts tested in the WGU course. This full exam kit contains 70+ expertly
developed questions with complete and accurate solutions — ensuring A+ readiness
and a deeper understanding of modern information security frameworks and best practices.
Introduction
This updated 2025–2026 study and Q&A guide provides coverage of critical security topics
including the Confidentiality, Integrity, and Availability (CIA) triad, risk management,
access control models, network security, cryptography, incident response, and
compliance standards (e.g., NIST, ISO 27001). Each solution includes explanations
focused on practical application and exam comprehension to support concept mastery.
Answer Format
All correct answers are highlighted in bold green for clear identification. Each response is
followed by a concise rationale explaining the underlying security principle or industry best
practice being assessed.
Questions 1–70
1. What does the Confidentiality component of the CIA triad ensure?
a) Data is available when needed
b) Data is protected from unauthorized access
c) Data remains unchanged during transmission
d) Data is accessible to all users
b) Data is protected from unauthorized access
Rationale: Confidentiality ensures that data is only accessible to authorized individuals,
typically through encryption and access controls.
2. What is the primary goal of risk management in information security?
a) To eliminate all risks
b) To identify, assess, and mitigate risks
c) To increase system performance
d) To simplify user access
b) To identify, assess, and mitigate risks
Rationale: Risk management involves identifying potential threats, assessing their impact, and
implementing controls to reduce risks to an acceptable level.
3. Which access control model uses predefined rules to determine
permissions?
a) Discretionary Access Control (DAC)
b) Mandatory Access Control (MAC)
c) Role-Based Access Control (RBAC)
d) Attribute-Based Access Control (ABAC)
b) Mandatory Access Control (MAC)
Rationale: MAC uses strict, predefined rules set by a central authority to control access, often
used in high-security environments.
4. What is the purpose of a firewall in network security?
a) To encrypt data
b) To filter network traffic based on rules
c) To authenticate users
d) To compress data
b) To filter network traffic based on rules
Rationale: Firewalls monitor and control incoming and outgoing network traffic to protect
systems from unauthorized access.
5. Which cryptographic algorithm is recommended for encrypting sensitive
data at rest?
a) MD5
b) AES-256
c) SHA-1
d) RC4
b) AES-256
Rationale: AES-256 is a strong symmetric encryption algorithm widely used for securing data at
rest due to its robustness.
6. What is the first step in an incident response plan?
a) Recovery
b) Identification
c) Containment
d) Eradication
b) Identification
Rationale: The first step in incident response is identifying that a security incident has occurred
to initiate appropriate actions.
7. Which compliance standard focuses on information security
management systems?
a) HIPAA
b) ISO 27001
c) PCI DSS
d) GDPR
b) ISO 27001