12/11/25, 8:20 PM Edit · WGU C836 STUDY QUESTIONS | Quizlet
WGU C836 STUDY QUESTIONS
1
What is the CIA triad in information security?
Confidentiality, Integrity, and Availability.
2
What is the main purpose of an information security procedure?
The main purpose of an information security procedure is to provide step-by-step instructions for implementing and maintaining security controls, in accordance with the organization's security policies.
3
What is the difference between a policy, a standard, and a procedure in the context of information security?
A policy is a high-level statement that outlines the organization's approach to information security. A standard is a specific requirement that supports the policy, while a procedure provides step-by-step instructions for implementing the standard.
4
What is NOT one of the seven domains of a typical IT infrastructure?
Human Resources Domain
5
What are the two main types of information security policies?
Organizational (or enterprise) policies and system-specific policies.
6
Why is it important to have a policy review and update process in place?
To ensure that information security policies remain relevant and effective, adapting to changes in technology, threats, regulatory requirements, and the organization's business environment.
7
What is an example of a security control that would typically be defined in a procedure?
A firewall rule set
8
What is the role of the information security awareness and training program in supporting an organization's security policies and procedures?
The information security awareness and training program helps to ensure that employees understand and follow the organization's security policies and procedures, by providing them with the necessary knowledge, skills, and motivation to protect information assets.
9
What are the five functions of the NIST Cybersecurity Framework?
Identify, Protect, Detect, Respond, and Recover.
10
What is an operating system?
An operating system (OS) is software that manages computer hardware and software resources, and provides services to applications.
11
What is operating system security?
Operating system security refers to the measures taken to protect the operating system from unauthorized access, malicious attacks, and other security threats.
12
What is a privilege escalation attack?
A privilege escalation attack is a type of security exploit where a user gains access to higher-level privileges than they are authorized to have.
13
What is a buffer overflow attack?
A buffer overflow attack is a type of security exploit where a program writes more data to a buffer than it can handle, causing the buffer to overflow and potentially execute malicious code.