WGU C836 (FUNDAMENTALS OF
INFORMATION SECURITY) OA 2026 EXAM
COMPLETE CURRENT TESTING QUESTIONS
AND DETAILED CORRECT ANSWERS
(VERIFIED) GUARANTEED PASS/TOP-RATED
A+.
Maximize your success on the WGU C836 (Fundamentals of
Information Security) OA with this focused, overly informative
study guide that strengthens your understanding of core security
principles, risk management, cryptography, network defenses,
and compliance frameworks. It is specifically designed for WGU
IT and cybersecurity students to master the foundational
knowledge required for securing information systems.
Mandatory Access Control (MAC) ✓ ✓...... ANSWER .......
Model of access control in which the owner of the resource
does not get to decide who gets to access it, but instead
access is decided by a group or individual who has the
authority to set access on resources
Role-Based Access Control (RBAC) ✓ ✓...... ANSWER .......
Model of access control that is set by an authority responsible
for doing so, rather than by the owner of the resource.
Attribute-based Access Control (ABAC) ✓ ✓...... ANSWER
....... Model of access control that is, logically, based on
attributes from a particular person, of a resource, or of an
environment.
Example:
A VPN connection is set to time out after a certain time
Multilevel Access Control ✓ ✓...... ANSWER ....... An
access control model that includes many tiers of security
and is used extensively by military and government
organizations and those that handle data of a very sensitive
nature
Confused Deputy Problem ✓ ✓...... ANSWER ....... A type
of attack that is common in systems that use ACLs rather
than capabilities. The crux of the confused deputy problem
is seen when the software with access to a resource has a
greater level of permission to access the resource than the
user who is controlling the software.
If we, as the user, can trick the software into misusing its
greater level of authority, we can potentially carry out an
attack
Client-side Attacks ✓ ✓...... ANSWER ....... Attacks that
take advantage of weaknesses in applications that are
running on the computer being operated directly by the user.
These attacks can take the form of code sent through the
Web browser, which is then executed on the local machine,
malformed PDF files, images or videos with attack code
embedded, or other forms
Cross-Site Request Forgery (CSRF or XSRF) ✓ ✓......
ANSWER ....... An attack that misuses the authority of the
browser on the user's computer. If the attacker knows of, or
can guess, a Web site to which the user might already be
authenticated, perhaps a very common site such as
Amazon.com, they can attempt to carry out a CSRF attack
[2]. They can do this by embedding a link in a Web page or
HTML-based e-mail, generally a link to an image from the
site to which the attacker wishes to direct the user without their
knowledge. When the application attempts to retrieve the
image in the link, it also executes the additional commands
the attacker has embedded in it.
Clickjacking (User Interface Redressing) ✓ ✓...... ANSWER
....... A client-side attack that involves the attacker placing
an invisible layer over something on a website that the user
would normally click on, in order to execute a command
differing from what the user thinks they are performing.
Accountability ✓ ✓...... ANSWER ....... Identification,
Authentication, Authorization, and Access.
Nonrepudiation ✓ ✓...... ANSWER ....... A situation in
which sufficient evidence exists as to prevent an individual
from successfully denying that he or she has made a
statement, or taken an action
Intrusion Detection ✓ ✓...... ANSWER ....... Monitors and
reports malicious events