ASSESSMENT NEWEST 2025/2026 TEST BANK ACTUAL EXAM 82 QUESTIONS AND
CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) |ALREADY GRADED A+
1. What is the primary goal of information security?
A. To prevent all security incidents
B. To protect the confidentiality, integrity, and availability of information
C. To implement the latest security technologies
D. To ensure user convenience
Answer: B. To protect the confidentiality, integrity, and availability of information
2. The security principle that ensures information is not disclosed to unauthorized individuals,
entities, or processes is known as:
A. Integrity
B. Availability
C. Confidentiality
D. Accountability
Answer: C. Confidentiality
3. Which term describes the assurance that data has not been altered in an unauthorized
manner?
A. Confidentiality
B. Availability
C. Integrity
D. Non-repudiation
Answer: C. Integrity
4. A Distributed Denial-of-Service (DDoS) attack primarily impacts which pillar of the CIA
triad?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
Answer: C. Availability
5. What is a primary objective of a risk management program?
A. To eliminate all risk
B. To identify, assess, and mitigate risks to an acceptable level
C. To transfer all risk to a third party
D. To ignore risks that are unlikely to occur
Answer: B. To identify, assess, and mitigate risks to an acceptable level
6. The process of identifying potential threats and vulnerabilities to an organization's operations
and assets is called:
A. Risk Mitigation
B. Risk Assessment
C. Risk Avoidance
D. Risk Transfer
Answer: B. Risk Assessment
7. Which risk response strategy involves taking action to reduce the likelihood or impact of a
risk?
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer
Answer: C. Risk Mitigation
8. Purchasing cybersecurity insurance is an example of which risk response strategy?
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation
D. Risk Transfer
Answer: D. Risk Transfer
9. A document that defines the scope, objectives, and procedures for a risk assessment is known
as a:
A. Risk Assessment Report
B. Risk Management Plan
C. Business Impact Analysis
D. System Security Plan
Answer: B. Risk Management Plan
10. Which of the following is a qualitative, not quantitative, risk assessment factor?
A. Annualized Loss Expectancy (ALE)
B. Single Loss Expectancy (SLE)
C. High, Medium, Low impact rating
D. Exposure Factor (EF)
Answer: C. High, Medium, Low impact rating
11. What is the formula for calculating Annualized Loss Expectancy (ALE)?
A. ALE = Asset Value (AV) x Exposure Factor (EF)