SECURITY EXAM PREP QUESTIONS AND ANSWERS 2026 STUDY GUIDE
◉ Compliance. Answer: The requirements that are set forth by laws and
industry regulations. Examples: HIPAA/HITECH - healthcare, PCI DSS -
payment card industry, FISMA - federal government agencies
◉ CIA. Answer: The core model of all information security.
Confidentiality, integrity and availability
◉ Confidentiality. Answer: Allowing only those authorized to access the
data requested
◉ Integrity. Answer: Keeping data unaltered by accidental or malicious
intent
◉ Availability. Answer: The ability to access data when needed
◉ Parkerian hexad model. Answer: Confidentiality, integrity,
availability, possession/control, authenticity, utility
◉ Possession/control. Answer: Refers to the physical disposition of the
media on which the data is stored
◉ Authenticity. Answer: Allows us to talk about the proper attribution as
to the owner or creator of the data in question
◉ Utility. Answer: How useful the data is to us
◉ Types of attacks. Answer: 1- interception
2- interruption
3- modification
4- fabrication
◉ Interception. Answer: Attacks that allow unauthorized users to access our
data, applications, or environments. They are primarily an attack against
confidentiality
◉ Interruption. Answer: Attacks that cause our assets to become unusable or
unavailable for our use, on a temporary or permanent basis. This attack
affects availability but can also attack integrity
◉ Modification. Answer: Attacks that involve tampering with our asset. Such
attacks might primarily be considered an integrity attack, but could also
be an availability attack.
◉ Fabrication. Answer: Attacks that involve generating data, processes,
communications, or other similar activities with a system. These attacks
primarily affect integrity but can be considered an availability attack.
◉ Risk. Answer: The likelihood that a threat will occur. There must be both a
threat and a vulnerability
◉ Threat. Answer: Any event, whether man-made, natural or environmental,
that could damage the assets
◉ Vulnerabilities. Answer: A weakness that a threat event or the threat can
take advantage of
◉ Impact. Answer: Taking into account the asset's cost
◉ Controls. Answer: The ways we protect assets. Physical, technical/
logical, and administrative
◉ Physical controls. Answer: Controls are physical items that protect
assets. Think of locks, doors, guards and fences
◉ Technical/logical controls. Answer: Controls are devices and
software that protect assets. Think of firewalls, AV, IDS, and IPS
◉ Administrative controls. Answer: Controls are the policies that
organizations create for governance. Ex: email policies
◉ Risk management. Answer: A constant process as assets are
purchased, used and retired. The general steps are 1- identify assets
2- identify threats
3- assess vulnerabilities
4- assess risk
5- mitigate risks
◉ Identify assets. Answer: First and most important part of risk
management. Identifying and categorizing the assets we are protecting
◉ Identify threats. Answer: Once we have our critical assets we can
identify the threats that might affect them
◉ Assess vulnerabilities. Answer: Look at potential threats. Any given
asset may have thousands or millions of threats that could impact it, but
only a small fraction of the threats will be relevant