WGU D430 Fundamentals of Information
Security Questions And Answers | Latest
Update | 2024/2025 | Already Passed
What is the main purpose of information security in an organization?
✔✔ The main purpose of information security is to protect an organization’s information assets
from unauthorized access, disclosure, alteration, and destruction.
What are the three key principles of the CIA Triad?
✔✔ The three key principles of the CIA Triad are Confidentiality, Integrity, and Availability.
What is the difference between authentication and authorization?
✔✔ Authentication verifies the identity of a user, while authorization determines what resources
a user has permission to access.
What is encryption in information security?
✔✔ Encryption is the process of converting plain text into ciphertext to protect sensitive
information from unauthorized access.
1
,What is a firewall, and how does it function in network security?
✔✔ A firewall is a network security device that monitors and controls incoming and outgoing
network traffic based on predetermined security rules, acting as a barrier between a trusted
internal network and untrusted external networks.
What is the principle of least privilege?
✔✔ The principle of least privilege ensures that users, systems, and processes are given the
minimum level of access necessary to perform their tasks, reducing the risk of unauthorized
access.
What is multi-factor authentication (MFA)?
✔✔ Multi-factor authentication is a security mechanism that requires two or more independent
methods of verification from users, such as a password and a fingerprint scan, to gain access to a
system.
What is the role of a Security Operations Center (SOC)?
✔✔ The role of a Security Operations Center (SOC) is to monitor, detect, respond to, and
mitigate security threats and incidents within an organization.
2
,What is a Denial of Service (DoS) attack?
✔✔ A Denial of Service (DoS) attack is a malicious attempt to overwhelm a system, network, or
server by flooding it with excessive traffic, rendering it unavailable to legitimate users.
What is a vulnerability in the context of information security?
✔✔ A vulnerability is a weakness or flaw in a system, application, or network that can be
exploited by a threat actor to gain unauthorized access or cause harm.
What is the difference between a vulnerability and an exploit?
✔✔ A vulnerability is a weakness in a system, while an exploit is a tool or method used to take
advantage of that vulnerability.
What is a phishing attack?
✔✔ A phishing attack is a type of social engineering where attackers attempt to trick individuals
into providing sensitive information, such as usernames, passwords, or credit card details,
typically by pretending to be a trusted entity.
What is a zero-day exploit?
3
, ✔✔ A zero-day exploit refers to an attack that takes advantage of a previously unknown
vulnerability in software or hardware before a patch or fix is available.
What is the purpose of a security policy in an organization?
✔✔ The purpose of a security policy is to define the rules and procedures for ensuring the
protection of an organization’s information assets, setting clear guidelines for how security
should be managed and enforced.
What is an Intrusion Detection System (IDS)?
✔✔ An Intrusion Detection System (IDS) is a security technology that monitors network or
system activities for malicious actions or policy violations and alerts administrators when such
actions are detected.
What is the role of hashing in information security?
✔✔ Hashing is the process of transforming data into a fixed-length string of characters, which is
typically a hash value, used to ensure the integrity of the data by detecting changes or alterations.
What is the difference between symmetric and asymmetric encryption?
4
Security Questions And Answers | Latest
Update | 2024/2025 | Already Passed
What is the main purpose of information security in an organization?
✔✔ The main purpose of information security is to protect an organization’s information assets
from unauthorized access, disclosure, alteration, and destruction.
What are the three key principles of the CIA Triad?
✔✔ The three key principles of the CIA Triad are Confidentiality, Integrity, and Availability.
What is the difference between authentication and authorization?
✔✔ Authentication verifies the identity of a user, while authorization determines what resources
a user has permission to access.
What is encryption in information security?
✔✔ Encryption is the process of converting plain text into ciphertext to protect sensitive
information from unauthorized access.
1
,What is a firewall, and how does it function in network security?
✔✔ A firewall is a network security device that monitors and controls incoming and outgoing
network traffic based on predetermined security rules, acting as a barrier between a trusted
internal network and untrusted external networks.
What is the principle of least privilege?
✔✔ The principle of least privilege ensures that users, systems, and processes are given the
minimum level of access necessary to perform their tasks, reducing the risk of unauthorized
access.
What is multi-factor authentication (MFA)?
✔✔ Multi-factor authentication is a security mechanism that requires two or more independent
methods of verification from users, such as a password and a fingerprint scan, to gain access to a
system.
What is the role of a Security Operations Center (SOC)?
✔✔ The role of a Security Operations Center (SOC) is to monitor, detect, respond to, and
mitigate security threats and incidents within an organization.
2
,What is a Denial of Service (DoS) attack?
✔✔ A Denial of Service (DoS) attack is a malicious attempt to overwhelm a system, network, or
server by flooding it with excessive traffic, rendering it unavailable to legitimate users.
What is a vulnerability in the context of information security?
✔✔ A vulnerability is a weakness or flaw in a system, application, or network that can be
exploited by a threat actor to gain unauthorized access or cause harm.
What is the difference between a vulnerability and an exploit?
✔✔ A vulnerability is a weakness in a system, while an exploit is a tool or method used to take
advantage of that vulnerability.
What is a phishing attack?
✔✔ A phishing attack is a type of social engineering where attackers attempt to trick individuals
into providing sensitive information, such as usernames, passwords, or credit card details,
typically by pretending to be a trusted entity.
What is a zero-day exploit?
3
, ✔✔ A zero-day exploit refers to an attack that takes advantage of a previously unknown
vulnerability in software or hardware before a patch or fix is available.
What is the purpose of a security policy in an organization?
✔✔ The purpose of a security policy is to define the rules and procedures for ensuring the
protection of an organization’s information assets, setting clear guidelines for how security
should be managed and enforced.
What is an Intrusion Detection System (IDS)?
✔✔ An Intrusion Detection System (IDS) is a security technology that monitors network or
system activities for malicious actions or policy violations and alerts administrators when such
actions are detected.
What is the role of hashing in information security?
✔✔ Hashing is the process of transforming data into a fixed-length string of characters, which is
typically a hash value, used to ensure the integrity of the data by detecting changes or alterations.
What is the difference between symmetric and asymmetric encryption?
4
