QUESTIONS AND CORRECT ANSWERS
ALREADY PASSED
● Compliance - The requirements that are set forth by laws and industry
regulations. Examples: HIPAA/HITECH - healthcare, PCI DSS - payment
card industry, FISMA - federal government agencies
● CIA - The core model of all information security. Confidentiality,
integrity and availability
● Confidentiality - Allowing only those authorized to access the data
requested
● Integrity - Keeping data unaltered by accidental or malicious intent
● Availability - The ability to access data when needed
● Parkerian hexad model - Confidentiality, integrity, availability,
possession/control, authenticity, utility
● Possession/control - Refers to the physical disposition of the media on
which the data is stored
● Authenticity - Allows us to talk about the proper attribution as to the
owner or creator of the data in question
● Utility - How useful the data is to us
● Types of attacks - 1- Interception
2- Interruption
3- Modification
4- Fabrication
● Interception - Attacks that allow unauthorized users to access our data,
applications, or environments. They are primarily attacks against
confidentiality
● Interruption - Attacks that cause our assets to become unusable or
unavailable for our use, on a temporary or permanent basis. This attack
affects availability but can also attack integrity
● Modification - Attacks that involve tampering with our asset. Such attacks
might primarily be considered an integrity attack, but could also be an
availability attack
● Fabrication - Attacks that involve generating data, processes,
communications, or other similar activities with a system. Such attacks
primarily affect integrity but can also be considered an availability attack
● Risk - The likelihood that a threat will occur. There must be both a threat
and a vulnerability
● Threat - Any event, whether man-made, natural or environmental, that
could damage the assets
● Vulnerabilities - Weaknesses that a threat event or a threat can take
advantage of
● Impact - Takes into account the asset's cost
● Controls - The ways we protect assets. Physical, technical/logical, and
administrative
● Physical controls - Physical items that protect assets.
Think of locks, doors, guards and fences
● Technical/logical controls - Devices and software that
protect assets. Think of firewalls, AV, IDS, and IPS
● Administrative controls - The policies that organizations
create for governance. Ex: email policies
● Risk management - A constant process as assets are purchased, used
and retired. The general steps are 1- Identify assets
2- Identify threats
3- Assess vulnerabilities
4- Assess risks
5- Mitigate risks
● Identify assets - First and most important part of risk management.
Identifying and categorizing the assets we are protecting
● Identify threats - Once we have our critical assets we can identify the
threats that might affect them
● Assess vulnerabilities - Look at potential threats. Any given asset may
have thousands or millions of threats that could impact it, but only a
small fraction of those threats will be relevant
● Assess risks - Once we have identified the threats and vulnerabilities
for a given asset we can assess the overall risk