1
WGU
WGU C836 EXAM QUESTIONS AND
ANSWERS UPDATED (2025/2026)
(VERIFIED ANSWERS)
data at rest - ANS ✓Data that is on a storage device of some kind and is not
moving
data in motion - ANS ✓Data that is moving over a WAN or LAN, a wireless
network, over the internet, or in other ways
data at rest - ANS ✓This type of data is protected using data security
(encryption) and physical security
data in motion - ANS ✓This type of data is best protected by protecting the data
itself (using SSL, TLS) and protecting the connection (using IPsec VPN, SSL VPN)
data in use - ANS ✓This type of data is the hardest to protect
WGU C836
, 2
WGU
encryption - ANS ✓a subset of cryptography that refers specifically to the
transformation of unencrypted data into its encrypted form
decryption - ANS ✓The process of recovering the plaintext message from the
ciphertext
authentication - ANS ✓a set of methods we use to establish a claim of identity as
being true
corroborates the identity of an entity, whether it is the sender, the sender's
computer, some device, or some information
ECC (Elliptic Curve Cryptography) - ANS ✓An asymmetric encryption
algorithm that uses smaller key sizes and requires less processing power than
many other encryption methods.
commonly used in smaller wireless devices
accountability - ANS ✓this provides us with the means to trace activities in our
environment back to their source
nonrepudiation - ANS ✓Refers to a situation in which sufficient evidence exists
as to prevent an individual from successfully denying that he or she has made a
statement, or taken an action
WGU C836
, 3
WGU
deterrence - ANS ✓refers to elements that discourage or prevent misbehaviour
in our environments
IDS (intrusion detection system) - ANS ✓a monitoring tool that alerts when an
attack or other undesirable activity is taking place
IPS (Intrusion Prevention System) - ANS ✓a tool that alarms and takes actions
when malicious events occur
auditing - ANS ✓a methodical examination and review that ensures
accountability through technical means;
ensures compliance with applicable laws, policies, and other bodies of
administrative control, and detects misuse
logging - ANS ✓A process that provides a history of the activities that have taken
place in the environment
monitoring - ANS ✓a subset of auditing that focuses on observing information
about the environment in order to discover undesirable conditions such as
failures, resource shortages, security issues, and trends
WGU C836
, 4
WGU
vulnerability assessment - ANS ✓An activity involving the careful examination
of our environment using vulnerability scanning tools in order to discover
vulnerabilities
penetration testing - ANS ✓A more active method of finding security holes that
includes using the kinds of tools attackers use to mimic an attack on our
environment
chain of custody - ANS ✓a record of where evidence was and how it was passed
and protected;
required by courts for admissibility of records
authorization - ANS ✓enables us to determine what users are allowed to do
principle of least privilege - ANS ✓States that we should allow only the bare
minimum access required in order for a given party (person, user account, or
process) to perform a needed functionality
violation - ANS ✓the act of doing something that is prohibited by law or rule
allowing access - ANS ✓An act that grants a particular party access to a given
resource
WGU C836
WGU
WGU C836 EXAM QUESTIONS AND
ANSWERS UPDATED (2025/2026)
(VERIFIED ANSWERS)
data at rest - ANS ✓Data that is on a storage device of some kind and is not
moving
data in motion - ANS ✓Data that is moving over a WAN or LAN, a wireless
network, over the internet, or in other ways
data at rest - ANS ✓This type of data is protected using data security
(encryption) and physical security
data in motion - ANS ✓This type of data is best protected by protecting the data
itself (using SSL, TLS) and protecting the connection (using IPsec VPN, SSL VPN)
data in use - ANS ✓This type of data is the hardest to protect
WGU C836
, 2
WGU
encryption - ANS ✓a subset of cryptography that refers specifically to the
transformation of unencrypted data into its encrypted form
decryption - ANS ✓The process of recovering the plaintext message from the
ciphertext
authentication - ANS ✓a set of methods we use to establish a claim of identity as
being true
corroborates the identity of an entity, whether it is the sender, the sender's
computer, some device, or some information
ECC (Elliptic Curve Cryptography) - ANS ✓An asymmetric encryption
algorithm that uses smaller key sizes and requires less processing power than
many other encryption methods.
commonly used in smaller wireless devices
accountability - ANS ✓this provides us with the means to trace activities in our
environment back to their source
nonrepudiation - ANS ✓Refers to a situation in which sufficient evidence exists
as to prevent an individual from successfully denying that he or she has made a
statement, or taken an action
WGU C836
, 3
WGU
deterrence - ANS ✓refers to elements that discourage or prevent misbehaviour
in our environments
IDS (intrusion detection system) - ANS ✓a monitoring tool that alerts when an
attack or other undesirable activity is taking place
IPS (Intrusion Prevention System) - ANS ✓a tool that alarms and takes actions
when malicious events occur
auditing - ANS ✓a methodical examination and review that ensures
accountability through technical means;
ensures compliance with applicable laws, policies, and other bodies of
administrative control, and detects misuse
logging - ANS ✓A process that provides a history of the activities that have taken
place in the environment
monitoring - ANS ✓a subset of auditing that focuses on observing information
about the environment in order to discover undesirable conditions such as
failures, resource shortages, security issues, and trends
WGU C836
, 4
WGU
vulnerability assessment - ANS ✓An activity involving the careful examination
of our environment using vulnerability scanning tools in order to discover
vulnerabilities
penetration testing - ANS ✓A more active method of finding security holes that
includes using the kinds of tools attackers use to mimic an attack on our
environment
chain of custody - ANS ✓a record of where evidence was and how it was passed
and protected;
required by courts for admissibility of records
authorization - ANS ✓enables us to determine what users are allowed to do
principle of least privilege - ANS ✓States that we should allow only the bare
minimum access required in order for a given party (person, user account, or
process) to perform a needed functionality
violation - ANS ✓the act of doing something that is prohibited by law or rule
allowing access - ANS ✓An act that grants a particular party access to a given
resource
WGU C836
