WGU C836 Fundamentals of Information Security
Final Exam Questions and Answers 2025–2026 | WGU C836 OA Real Exam-Style Q&A | Latest Updated Study Guide with Verified Correct Answers
Sample Exam Questions
1. Which of the following is a primary goal of information security?
• A) Increase software functionality
• B) Triple data storage capacity
• C) Maintain data confidentiality
• D) Enhance system usability
Correct Option: C) Maintain data confidentiality
Rationale: The primary goals of information security generally focus on ensuring
confidentiality, integrity, and availability of data. Confidentiality involves protecting information
from unauthorized access.
2. What is the principle of least privilege?
• A) Users should have all privileges for usability
• B) Users are granted only the minimum level of access necessary
• C) Access is revoked after completion of tasks
• D) Privileges are determined by IT professionals only
Correct Option: B) Users are granted only the minimum level of access necessary
Rationale: The principle of least privilege is a security practice that restricts user access rights to
the bare minimum permissions they need to perform their job functions.
3. Which type of attack involves overwhelming a system with traffic to render it unusable?
• A) Phishing
• B) Denial of Service (DoS)
• C) Man-in-the-Middle
• D) SQL Injection
Correct Option: B) Denial of Service (DoS)
Rationale: A Denial of Service attack aims to make a machine or network resource unavailable
by overwhelming it with a flood of illegitimate requests.
4. What is the purpose of encryption in data security?
• A) To protect data confidentiality during transmission
• B) To improve data integrity
• C) To enhance data accessibility
• D) To expedite data processing speed
Correct Option: A) To protect data confidentiality during transmission
Rationale: Encryption serves to protect the confidentiality of data by transforming it into a
format that is unreadable without the corresponding decryption key.
5. Which standard focuses on managing and protecting sensitive data?
• A) HIPAA
• B) PCI DSS
• C) NIST SP 800-53
• D) ISO 27001
Correct Option: B) PCI DSS
Rationale: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security
standards designed to ensure that companies that accept, process, store, or transmit credit card
information maintain a secure environment.
6. Which of the following is a common method for preventing unauthorized access to a
network?
• A) Firewalls
• B) Intrusion Detection Systems (IDS)
• C) Access Control Lists (ACLs)
• D) Network Protocols
Correct Option: C) Access Control Lists (ACLs)
Rationale: ACLs help define who can access certain resources in a network, enforcing security
by allowing only authorized users or systems.
7. What does HTTPS stand for?
• A) Hypertext Transfer Protocol Standard
• B) Hypertext Transfer Protocol Secure
• C) Hypertext Transfer Privacy Standard
• D) Hypertext Transfer Protocol Secure Layer
Correct Option: B) Hypertext Transfer Protocol Secure
Rationale: HTTPS is the secure version of HTTP, which encrypts the data exchanged to protect
against interception.
8. A company experiences a data breach. Which of the following is the first action they
should take?
• A) Inform customers
• B) Contain the breach
• C) Identify the attack vector
• D) Restore data from backup
Correct Option: B) Contain the breach
Rationale: Containment should be the first step to prevent further data loss or damage.
9. What is a strong password policy likely to include?
• A) At least 5 characters
• B) A mix of letters, numbers, and symbols
• C) Easy-to-remember words
• D) Use of personal information
Correct Option: B) A mix of letters, numbers, and symbols
Rationale: A strong password combines various character types to enhance security, making it
much harder to guess or crack.
10. Which of the following is considered a social engineering attack?
• A) DDoS
• B) Pretexting
• C) SQL Injection
• D) Trojan Horse
Correct Option: B) Pretexting
Rationale: Pretexting involves creating a fabricated scenario to obtain information from a target,
often used in social engineering attacks.
11. What does MFA stand for in cybersecurity?