Information Security (WGU) Exam Questions with Correct Answers (Updated 2025/2026, Latest Version)
What are the five different models of Access Control? - ANSWER ✓
Discretionary, Mandatory, Rule-based, Role-based, and Attribute-based
Discretionary Access Control (DAC) - ANSWER ✓ owner of resources
determines who gets access and what level. Most operating systems use this. If we
decide to create a network share, for instance, we get to decide who we want to
allow access.
Mandatory Access Control - ANSWER ✓ separate group or individual (from
owner) has the authority to set access to resources. We can often find MAC
implemented in government organizations, where access to a given resource is
largely dictated by the sensitivity label applied to it (secret, top secret, etc.), by the
level of sensitive information the individual is allowed to access (perhaps only
secret), and by whether the individual actually has a need to access the resource.
Rule-based Access Control (RuBAC) - ANSWER ✓ allows access according to a
set of rules defined by the system administrator. Example: firewalls and routers.
Attribute-based access control (ABAC) - ANSWER ✓ This is an access control
paradigm whereby access rights are granted to users with policies that combine
attributes together. Subject, resource, environmental, physical
Bell-LaPadula model - ANSWER ✓ implements a combination of DAC and MAC
and is primarily concerned with the confidentiality of the resource in question.
Generally, in cases where we see DAC and MAC implemented together, MAC
takes precedence over DAC, and DAC works within the accesses allowed by the
MAC permissions.
Simple Security Property - ANSWER ✓ The level of access granted to an
individual must be at least as high as the classification of the resource in order for
the individual to be able to access it.
The * property - ANSWER ✓ Anyone accessing a resource can only write its
contents to one classified at the same level or higher.
No read up, no write down - ANSWER ✓ means that when we are handling
classified information, we cannot read any higher than our clearance level, and we
cannot write classified data down to any lower level.
Biba Model - ANSWER ✓ An access control model used to ensure integrity. It
uses two primary rules: no read down and no write up.
Simple integrity axiom - ANSWER ✓ The level of access granted to an individual
must be no lower than the classification of the resource.
*Integrity axiom - ANSWER ✓ Anyone accessing a resource can only write its
contents to one classified at the same level or lower.
No read down, no write up - ANSWER ✓ entails that assets that are of high
integrity and assets that are of low integrity are kept strictly apart.
Brewer and Nash Model - ANSWER ✓ also known as the Chinese Wall model, is
an access control model designed to prevent conflicts of interest.
Example of Brewer and Nash Model - ANSWER ✓ A commercial law firm
working for companies in a certain industry might have files that pertain to various
individuals and companies working in that industry. As an individual lawyer at the
firm accesses data and works for different clients, he could potentially access
confidential data that would generate a conflict of interest while working on a new
case. In the Brewer and Nash model, the resources and case materials that the
lawyer was allowed access to would dynamically change based on the materials he
had previously accessed.
Physical access controls - ANSWER ✓ concerned with controlling the movement
of individuals and vehicles
Accountability - ANSWER ✓ refers to making sure that a person is responsible
for their actions. It provides us with the means to trace activities in our
environment back to their source.
Accountability depends on - ANSWER ✓ identification, authentication, and
access control being present so that we can know who a given transaction is
associated with, and what permissions were used to allow them to carry it out.
Auditing - ANSWER ✓ the methodical examination and review of an
organization's records
Examples of things that are audited: - ANSWER ✓
i. Factors that determine access to systems
ii. Software licenses
iii. Internet usage
iv. Passwords
An audit is a kind of - ANSWER ✓ assessment
Cryptography - ANSWER ✓ the science of protecting confidentiality and integrity
of data
Encryption - ANSWER ✓ is the process of transforming plaintext into ciphertext
Decryption - ANSWER ✓ is encryption in reverse
Encryption is done - ANSWER ✓ by applying a cryptographic algorithm