ESTUDYR
WGU C845 INFORMATION SYSTEMS SECURITY – KEY
CONCEPTS, DEFINITIONS, AND RATIONALES MOST TESTED
QUESTIONS AND ANSWERS GRADED A
1. What does "AAA" stand for in access control?
A. Authentication, Availability, Accounting
B. Authentication, Authorization, Accounting
C. Authorization, Access, Availability
D. Authentication, Access, Accounting
Rationale: AAA (Triple A) is a standard framework for controlling access to
resources: Authentication verifies identity, Authorization determines permissions,
and Accounting tracks usage.
2. What is an algorithm in cryptography?
A. A secret key used for encryption
B. A protocol for secure communication
C. A mathematical function that encrypts or decrypts text
D. A type of digital certificate
Rationale: In cryptography, an algorithm is a defined mathematical procedure used to
transform plaintext into ciphertext (encryption) and vice versa (decryption).
3. What is authentication?
A. Defining what resources a user can access
B. Tracking user activity
C. Verifying the identity claim of a user
D. Assigning a unique user ID
Rationale: Authentication is the process of confirming that a user is who they claim to be,
typically through passwords, tokens, or biometrics.
4. What is authorization?
A. Verifying user identity
B. Defining the resources, applications, and data a user may access
,ESTUDYR
C. Logging user actions
D. Creating user accounts
Rationale: Authorization follows authentication and specifies what an authenticated user is
permitted to do or access within a system.
5. What does "availability" mean in the AIC triad?
A. Protecting data from unauthorized disclosure
B. Ensuring data has not been altered
C. Ensuring data and hardware are accessible when needed
D. Preventing unauthorized access
Rationale: Availability ensures that information and systems are operational and accessible to
authorized users when required, often through redundancy and fault tolerance.
6. What is confidentiality in the AIC triad?
A. Ensuring data accuracy and consistency
B. Protecting sensitive information from unauthorized disclosure
C. Ensuring systems are always accessible
D. Tracking user activities
Rationale: Confidentiality involves protecting data from being accessed by unauthorized
individuals, often through encryption and access controls.
7. What is due care?
A. Taking actions that prevent harm
B. Taking actions a reasonable and prudent person would take
C. Ignoring minor risks
D. Conducting a risk assessment
Rationale: Due care refers to the standard of reasonable behavior expected to avoid
negligence, such as implementing security measures.
8. What is due diligence?
A. Assigning user permissions
,ESTUDYR
B. Taking actions to prevent harm to persons or property
C. Performing background checks
D. Encrypting sensitive data
Rationale: Due diligence involves proactive steps to identify and mitigate risks, such as regular
security assessments and compliance checks.
9. What is identification in access control?
A. Verifying a user’s identity
B. A unique designation or claim presented when requesting access
C. Logging user actions
D. Assigning user roles
Rationale: Identification is the process of claiming an identity (e.g., username) before
authentication verifies it.
10. What is integrity in the AIC triad?
A. Protecting data from disclosure
B. Ensuring data has not been altered in an unauthorized manner
C. Keeping systems available
D. Verifying user identity
Rationale: Integrity ensures data remains accurate, consistent, and trustworthy throughout its
lifecycle, protected from unauthorized modification.
11. What is job rotation?
A. Training employees on multiple systems
B. Shifting individuals between roles to prevent security violations
C. Rotating encryption keys
D. Changing passwords regularly
Rationale: Job rotation is a security control that reduces the risk of fraud or collusion by
moving employees between different roles and responsibilities.
, ESTUDYR
12. What is the principle of least privilege?
A. Giving users access to all resources by default
B. Providing individuals with the minimum information required to perform their duties
C. Requiring multiple approvals for sensitive actions
D. Rotating duties among team members
Rationale: Least privilege minimizes risk by ensuring users have only the access necessary to
complete their tasks, reducing the attack surface.
13. What is mandatory vacation?
A. Required time off for all employees
B. A security control allowing monitoring of business functions in an employee’s absence
C. A policy for encrypting vacation schedules
D. Rotating vacation days among staff
Rationale: Mandatory vacation helps detect fraudulent activities by requiring employees to
take time off, during which their duties are reviewed by others.
14. What is separation of duties?
A. Dividing tasks among different departments
B. Requiring two or more people to complete an action independently
C. Rotating employees between roles
D. Isensitive network segments
Rationale: Separation of duties prevents fraud and errors by ensuring no single individual has
control over all aspects of a critical process.
15. What is a user ID?
A. A biometric identifier
B. An assigned unique identification for system users
C. A temporary access code
D. An encrypted password
Rationale: A user ID is a unique identifier assigned to each user, but it must still be
authenticated (e.g., with a password) before access is granted.
WGU C845 INFORMATION SYSTEMS SECURITY – KEY
CONCEPTS, DEFINITIONS, AND RATIONALES MOST TESTED
QUESTIONS AND ANSWERS GRADED A
1. What does "AAA" stand for in access control?
A. Authentication, Availability, Accounting
B. Authentication, Authorization, Accounting
C. Authorization, Access, Availability
D. Authentication, Access, Accounting
Rationale: AAA (Triple A) is a standard framework for controlling access to
resources: Authentication verifies identity, Authorization determines permissions,
and Accounting tracks usage.
2. What is an algorithm in cryptography?
A. A secret key used for encryption
B. A protocol for secure communication
C. A mathematical function that encrypts or decrypts text
D. A type of digital certificate
Rationale: In cryptography, an algorithm is a defined mathematical procedure used to
transform plaintext into ciphertext (encryption) and vice versa (decryption).
3. What is authentication?
A. Defining what resources a user can access
B. Tracking user activity
C. Verifying the identity claim of a user
D. Assigning a unique user ID
Rationale: Authentication is the process of confirming that a user is who they claim to be,
typically through passwords, tokens, or biometrics.
4. What is authorization?
A. Verifying user identity
B. Defining the resources, applications, and data a user may access
,ESTUDYR
C. Logging user actions
D. Creating user accounts
Rationale: Authorization follows authentication and specifies what an authenticated user is
permitted to do or access within a system.
5. What does "availability" mean in the AIC triad?
A. Protecting data from unauthorized disclosure
B. Ensuring data has not been altered
C. Ensuring data and hardware are accessible when needed
D. Preventing unauthorized access
Rationale: Availability ensures that information and systems are operational and accessible to
authorized users when required, often through redundancy and fault tolerance.
6. What is confidentiality in the AIC triad?
A. Ensuring data accuracy and consistency
B. Protecting sensitive information from unauthorized disclosure
C. Ensuring systems are always accessible
D. Tracking user activities
Rationale: Confidentiality involves protecting data from being accessed by unauthorized
individuals, often through encryption and access controls.
7. What is due care?
A. Taking actions that prevent harm
B. Taking actions a reasonable and prudent person would take
C. Ignoring minor risks
D. Conducting a risk assessment
Rationale: Due care refers to the standard of reasonable behavior expected to avoid
negligence, such as implementing security measures.
8. What is due diligence?
A. Assigning user permissions
,ESTUDYR
B. Taking actions to prevent harm to persons or property
C. Performing background checks
D. Encrypting sensitive data
Rationale: Due diligence involves proactive steps to identify and mitigate risks, such as regular
security assessments and compliance checks.
9. What is identification in access control?
A. Verifying a user’s identity
B. A unique designation or claim presented when requesting access
C. Logging user actions
D. Assigning user roles
Rationale: Identification is the process of claiming an identity (e.g., username) before
authentication verifies it.
10. What is integrity in the AIC triad?
A. Protecting data from disclosure
B. Ensuring data has not been altered in an unauthorized manner
C. Keeping systems available
D. Verifying user identity
Rationale: Integrity ensures data remains accurate, consistent, and trustworthy throughout its
lifecycle, protected from unauthorized modification.
11. What is job rotation?
A. Training employees on multiple systems
B. Shifting individuals between roles to prevent security violations
C. Rotating encryption keys
D. Changing passwords regularly
Rationale: Job rotation is a security control that reduces the risk of fraud or collusion by
moving employees between different roles and responsibilities.
, ESTUDYR
12. What is the principle of least privilege?
A. Giving users access to all resources by default
B. Providing individuals with the minimum information required to perform their duties
C. Requiring multiple approvals for sensitive actions
D. Rotating duties among team members
Rationale: Least privilege minimizes risk by ensuring users have only the access necessary to
complete their tasks, reducing the attack surface.
13. What is mandatory vacation?
A. Required time off for all employees
B. A security control allowing monitoring of business functions in an employee’s absence
C. A policy for encrypting vacation schedules
D. Rotating vacation days among staff
Rationale: Mandatory vacation helps detect fraudulent activities by requiring employees to
take time off, during which their duties are reviewed by others.
14. What is separation of duties?
A. Dividing tasks among different departments
B. Requiring two or more people to complete an action independently
C. Rotating employees between roles
D. Isensitive network segments
Rationale: Separation of duties prevents fraud and errors by ensuring no single individual has
control over all aspects of a critical process.
15. What is a user ID?
A. A biometric identifier
B. An assigned unique identification for system users
C. A temporary access code
D. An encrypted password
Rationale: A user ID is a unique identifier assigned to each user, but it must still be
authenticated (e.g., with a password) before access is granted.
