140+ Verified Practice Questions with Correct Answers and Rationales | Complete Study Guide for Cybersecurity Awareness, Risk Management, and IT Security Best Practices
QUESTION 1:
What is the primary goal of information security?
A) To increase profits
B) To protect information from unauthorized access and alteration
C) To promote technology
D) To enhance customer service
Correct Option: B) To protect information from unauthorized access and alteration
Rationale: The main objective is to safeguard data integrity, confidentiality, and availability.
QUESTION 2:
Which of the following is a key principle of information security?
A) Profit maximization
B) Confidentiality, Integrity, Availability (CIA)
C) Enhanced user experience
D) Data redundancy
Correct Option: B) Confidentiality, Integrity, Availability (CIA)
Rationale: CIA is the foundational model for information security.
QUESTION 3:
What does the term "threat" refer to in information security?
A) A system vulnerability
B) Any potential danger that could exploit a vulnerability
C) A method of protection
D) An active attack
Correct Option: B) Any potential danger that could exploit a vulnerability
Rationale: Threats can lead to security breaches if not managed properly.
QUESTION 4:
Which of the following is a common type of malware?
A) Firewall
B) Virus
C) Encryption
D) VPN
Correct Option: B) Virus
Rationale: Viruses are a type of malware designed to replicate and spread.
QUESTION 5:
What is the purpose of a firewall?
A) To encrypt data
B) To monitor and control incoming and outgoing network traffic
C) To store sensitive information
D) To enhance performance
Correct Option: B) To monitor and control incoming and outgoing network traffic
Rationale: Firewalls act as a barrier between trusted and untrusted networks.
QUESTION 6:
What does "social engineering" refer to in the context of information security?
A) A technical exploit
B) Manipulating individuals into divulging confidential information
C) A method of encryption
D) A type of firewall
Correct Option: B) Manipulating individuals into divulging confidential information
Rationale: Social engineering exploits human psychology rather than technical vulnerabilities.
QUESTION 7:
Which of the following is an example of a physical security control?
A) Antivirus software
B) Security guards
C) Encryption
D) Firewalls
Correct Option: B) Security guards
Rationale: Physical security controls protect physical assets and facilities.
QUESTION 8:
What is the primary function of encryption in information security?
A) To backup data
B) To protect data confidentiality
C) To enhance system performance
D) To monitor user activity
Correct Option: B) To protect data confidentiality
Rationale: Encryption renders data unreadable to anyone who does not hold the key. On its own it does not guarantee integrity or availability; those require separate controls such as message authentication codes and backups.
QUESTION 9:
What does the term "vulnerability" mean in the context of information security?
A) A security control
B) A weakness in a system that can be exploited
C) A threat actor
D) A type of malware
Correct Option: B) A weakness in a system that can be exploited
Rationale: Vulnerabilities can be targets for attacks if not properly addressed.
QUESTION 10:
Which type of attack involves overwhelming a system with traffic?
A) Phishing
B) Denial of Service (DoS)
C) Man-in-the-middle
D) SQL Injection
Correct Option: B) Denial of Service (DoS)
Rationale: DoS attacks aim to make a service unavailable by overwhelming it.
QUESTION 11:
What is the purpose of multi-factor authentication (MFA)?
A) To simplify user access
B) To enhance security by requiring multiple forms of verification
C) To reduce password complexity
D) To store user credentials
Correct Option: B) To enhance security by requiring multiple forms of verification
Rationale: MFA adds layers of security to the authentication process.
QUESTION 12:
What is an intrusion detection system (IDS) used for?
A) To prevent attacks
B) To monitor and analyze network traffic for signs of malicious activity
C) To encrypt data
D) To control access
Correct Option: B) To monitor and analyze network traffic for signs of malicious activity
Rationale: An IDS detects and alerts on suspicious traffic but does not block it; blocking is the role of an intrusion prevention system (IPS) or firewall.
QUESTION 13:
What does "data integrity" refer to in information security?
A) Data availability
B) The accuracy and consistency of data over its lifecycle
C) Data confidentiality
D) Data redundancy
Correct Option: B) The accuracy and consistency of data over its lifecycle
Rationale: Maintaining data integrity ensures trustworthiness of information.
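Questions 8 and 13 draw a line that is easy to blur in practice: encryption protects confidentiality, while integrity needs its own mechanism. The following added example (not from the study guide) shows a keystream cipher that hides a payment instruction yet lets an attacker who never sees the key change the amount by flipping ciphertext bits, and then shows the same attack being rejected once an HMAC tag is added. The keystream is derived from SHA-256 in counter mode purely for illustration; production code should use an AEAD mode such as AES-GCM or ChaCha20-Poly1305 from a vetted library. Keys, nonce and the message are constructed for the demo.

```python
"""Confidentiality without integrity, and how a MAC restores it.

Added example; not from the study guide. The keystream construction is
illustrative only (SHA-256 in counter mode); use a real AEAD in practice."""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes as SHA-256(key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def tamper(ciphertext: bytes, position: int, old: bytes, new: bytes) -> bytes:
    """Attacker's bit-flip. Knowing (or guessing) that `old` sits at
    `position` in the plaintext, XORing old^new into the ciphertext makes
    it decrypt to `new` there. No key is needed."""
    delta = xor_bytes(old, new)
    forged = bytearray(ciphertext)
    for i, d in enumerate(delta):
        forged[position + i] ^= d
    return bytes(forged)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before decrypting; None if tampered."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ct)


def demo() -> dict:
    """Constructed scenario: a payment instruction is modified in transit."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"PAY 0100 TO ALICE"  # amount field starts at byte offset 4
    # Confidentiality only: the forged ciphertext decrypts to a new amount.
    ct = encrypt(enc_key, nonce, msg)
    forged = tamper(ct, 4, b"0100", b"9900")
    # Encrypt-then-MAC: the identical flip is caught by the tag check.
    blob = seal(enc_key, mac_key, nonce, msg)
    forged_blob = (blob[:NONCE_LEN]
                   + tamper(blob[NONCE_LEN:-TAG_LEN], 4, b"0100", b"9900")
                   + blob[-TAG_LEN:])
    return {
        "tampered_plaintext": decrypt(enc_key, nonce, forged),
        "authentic": open_sealed(enc_key, mac_key, blob),
        "tampered_rejected": open_sealed(enc_key, mac_key, forged_blob) is None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The receiver of the unauthenticated ciphertext sees a perfectly well-formed instruction for 9900 and has no way to tell it was altered; that is the integrity failure Question 13 describes, and the reason the tag is verified before any decrypted byte is used.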
QUESTION 14:
Which of the following is a best practice for password security?
A) Using the same password for multiple accounts
B) Using a mix of letters, numbers, and symbols
C) Changing passwords every few years
D) Writing passwords down
Correct Option: B) Using a mix of letters, numbers, and symbols
Rationale: Of the options listed, only character variety improves resistance to guessing; reuse across accounts (A) lets one breach unlock many, rare rotation (C) leaves a compromised password valid for years, and written-down passwords (D) are exposed to anyone with physical access. Current guidance such as NIST SP 800-63B puts more weight on length, uniqueness per account and screening against known-breached passwords than on composition rules, which a password manager makes practical.
QUESTION 15:
What role does a Security Information and Event Management (SIEM) system play?
A) Data backup
B) Centralizes monitoring and analysis of security events
C) User authentication
D) Malware removal
Correct Option: B) Centralizes monitoring and analysis of security events
Rationale: SIEM systems help in identifying and responding to security incidents.
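Questions 12 and 15 describe detection in the abstract. The added example below (not from the study guide) is the kind of rule an IDS or SIEM runs: it parses sshd authentication lines in syslog format, counts failed logins per source address inside a sliding window across every host, and escalates when the same address then succeeds. The log lines, host names and IP addresses are constructed for the demo; the threshold and window values are illustrative. Running the same rule over a single host's log shows why the centralisation in Question 15 matters: the attacker's failures are split across two machines and neither alone crosses the threshold.

```python
"""Brute-force detection over centralised auth logs (IDS/SIEM-style rule).

Added example for the study guide. Sample lines are constructed in the
format sshd writes to syslog; hosts and addresses are made up."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: events already collected from two hosts into one view.
SAMPLE_LOGS = """\
Mar 10 09:00:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Mar 10 09:00:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 09:00:05 db01 sshd[1180]: Failed password for root from 203.0.113.7 port 51006 ssh2
Mar 10 09:00:06 db01 sshd[1182]: Failed password for invalid user oracle from 203.0.113.7 port 51008 ssh2
Mar 10 09:00:08 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51010 ssh2
Mar 10 09:00:09 web01 sshd[2209]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar 10 09:00:12 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51012 ssh2
Mar 10 09:30:00 db01 sshd[1190]: Failed password for bob from 198.51.100.20 port 40010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(text: str, year: int = 2024) -> list:
    """Turn syslog lines into event dicts. Syslog omits the year, so the
    caller supplies it (an assumption of this demo)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognised line; a real pipeline would count these
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, **{k: m[k] for k in ("host", "result", "method", "user", "ip")}})
    return events


def detect_bruteforce(events: list, threshold: int = 5, window_seconds: int = 60) -> list:
    """Alert once per source IP that produces >= threshold failures inside
    the window, counted across all hosts; raise a high-severity alert if a
    flagged IP then authenticates successfully."""
    recent_failures = defaultdict(list)   # ip -> timestamps inside the window
    hosts_hit = defaultdict(set)          # ip -> hosts it failed against
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = recent_failures[ip]
            q.append(ev["ts"])
            hosts_hit[ip].add(ev["host"])
            while (q[-1] - q[0]).total_seconds() > window_seconds:
                q.pop(0)  # expire failures that fell out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"severity": "medium", "type": "bruteforce", "ip": ip,
                               "hosts": sorted(hosts_hit[ip]), "failures": len(q)})
        elif ev["result"] == "Accepted" and ip in flagged:
            alerts.append({"severity": "high", "type": "success_after_bruteforce",
                           "ip": ip, "host": ev["host"], "user": ev["user"],
                           "method": ev["method"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(SAMPLE_LOGS)):
        print(alert)
```

The second alert is the one an analyst cares about: a password login for root from an address that had just been guessing passwords is a probable compromise, whereas the same success seen in isolation looks like routine administration. Correlating the failure history with the success is exactly what a central event store makes possible.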
QUESTION 16:
What is "phishing"?
A) A method of securing data
B) An attempt to trick individuals into revealing sensitive information
C) A type of firewall
D) A network monitoring technique
Correct Option: B) An attempt to trick individuals into revealing sensitive information
Rationale: Phishing typically involves deceptive emails or messages.
QUESTION 17:
Which of the following is an example of a technical control?
A) Security policies
B) Encryption software
C) Employee training
D) Physical barriers