Security | Objective Assessment | OA V1 and V2
Actual Questions and Answers | 2025 Update |
100% Correct.
Question 1:
Which of the following is an example of a preventative control in
information security?
A) Firewalls
B) Intrusion Detection Systems (IDS)
C) Security cameras
D) Encryption
Answer: A) Firewalls
Rationale: Firewalls are designed to prevent unauthorized access to or
from a private network, making them a preventative control.
Question 2:
What is the purpose of encryption in information security?
A) To protect data during transmission
B) To monitor network traffic
C) To backup data
D) To verify the identity of users
Answer: A) To protect data during transmission
Rationale: Encryption ensures that data is protected from unauthorized
access, especially during transmission over insecure networks.
Question 3:
Which of the following is a characteristic of a symmetric encryption
algorithm?
A) It uses two keys, one for encryption and one for decryption
B) It is faster than asymmetric encryption
C) It uses a public key for encryption and a private key for decryption
D) It is used for digital signatures
Answer: B) It is faster than asymmetric encryption
Rationale: Symmetric encryption uses a single key for both encryption
and decryption, which makes it faster than asymmetric encryption,
which uses two keys.
Question 4:
Which security principle focuses on ensuring that only authorized users
have access to specific resources?
A) Least privilege
B) Integrity
C) Availability
D) Confidentiality
Answer: A) Least privilege
Rationale: The principle of least privilege ensures that users have only
the minimum access necessary to perform their jobs, reducing the risk of
unauthorized access.
Question 5:
What is a common method used to protect data in a cloud environment?
A) Using multi-factor authentication
B) Storing data in plaintext
C) Implementing a firewall
D) Using cloud-native security tools only
Answer: A) Using multi-factor authentication
Rationale: Multi-factor authentication is commonly used to protect
access to cloud services by requiring users to verify their identity
through more than one method, such as something they know
(password) and something they have (smartphone).
Question 6:
Which of the following is the primary goal of an Information Security
Management System (ISMS)?
A) To ensure compliance with legal and regulatory requirements
B) To protect against environmental threats like fire and flood
C) To provide a framework for managing and reducing security risks
D) To prevent data loss during system updates
Answer: C) To provide a framework for managing and reducing
security risks
Rationale: An ISMS provides a structured approach to managing
information security risks, ensuring that policies, procedures, and
controls are in place to protect sensitive data.
Question 7:
What does the term “CIA Triad” refer to in information security?
A) Confidentiality, Integrity, and Availability
B) Control, Integration, and Authorization
C) Compliance, Identity, and Authentication
D) Classification, Information, and Audit
Answer: A) Confidentiality, Integrity, and Availability
Rationale: The CIA Triad is the cornerstone of information security,
focusing on the protection of data through confidentiality, maintaining
its integrity, and ensuring its availability.
Question 8:
Which type of attack is designed to overwhelm a system by flooding it
with excessive requests?
A) Phishing
B) Denial of Service (DoS)
C) Man-in-the-middle
D) Malware
Answer: B) Denial of Service (DoS)
Rationale: A Denial of Service attack aims to disrupt the normal
functioning of a system by flooding it with excessive traffic, preventing
legitimate users from accessing the service.
Question 9:
What is the purpose of a Public Key Infrastructure (PKI)?
A) To manage and authenticate user identities
B) To create firewalls for protecting the network
C) To store user passwords securely
D) To manage and issue encryption keys