Complete Course Review & High-Yield Study Summary | 2026
Which U.S. law defines security standards exclusively for federal agencies?
FISMA
Which U.S. law regulates the confidentiality and accuracy of a publicly traded
corporation's financial reports?
SOX
A bank website accepts online loan applications. It requires applicants to review and
sign a disclosure document explaining the organization's information sharing practices.
Which federal law protects consumers' financial information?
GLBA
A retail store has hired a third party to audit its computer and network systems that
process credit card payments. Which industry standard is the retail store addressing?
PCI DSS
What is Information Security?
protecting information and information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction
Define when we are "Insecure"
Not patching our systems or not patching quickly enough
Using weak passwords such as "password" or "12345678"
Downloading infected programs from the Internet
Opening dangerous e-mail attachments from unknown senders
Using wireless networks without encryption that can be monitored by anyone
Payment Card Industry Data Security Standard (PCI DSS)
for companies that process credit card payments
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
for organizations that handle health care and patient records
Federal Information Security Management Act (FISMA)
defines security standards for many federal agencies in the United States, and a host of
others
Breach
When confidentiality is compromised; will probably include bad results
Confidentiality
a necessary component of privacy and refers to our ability to protect our data from
those who are not authorized to view it
Integrity
the ability to prevent our data from being changed in an unauthorized or undesirable
manner
Availability
refers to the ability to access our data when we need it
What part of the CIA triad is this an example of?
A PIN code is required to log into an information asset.
Confidentiality
What part of the CIA triad is this an example of?
Permissions are implemented to ensure access is restricted.
Integrity
What part of the CIA triad is this an example of?
All systems are operational and accessible.
Availability
What part of the CIA triad is this an example of?
Information is being protected by role-based access.
Confidentiality
What part of the CIA triad is this an example of?
Data have not been modified from the original creation.
Integrity
The Parkerian Hexad
A model that adds three more principles to the CIA triad: possession or
control, utility, and authenticity
The Parkerian Hexad: Possession/Control
physical disposition of the media on which the data is stored
The Parkerian Hexad: Authenticity
allows us to talk about the proper attribution as to the owner or creator of the data in
question, can be enforced through use of digital signatures
The Parkerian Hexad: Utility
refers to how useful the data is to us
Interception Attack
a type of attack payload; allows unauthorized users to access our data, applications, or
environments, and is primarily an attack against confidentiality
Interruption Attack
causes our assets to become unusable or unavailable for our use, on a temporary or
permanent basis
Modification Attack
An attack that involves tampering with our assets
Fabrication Attack
involves generating data, processes, communications, or other similar activities with a
system, can help propagate malware, like a worm
What type of attack affects the confidentiality in the CIA triad?
Interception
What type of attack affects the integrity in the CIA triad?
Interruption, Modification, Fabrication
What type of attack affects the availability in the CIA triad?
Interruption, Modification, Fabrication
What are the four types of attack payloads?
Interception, Interruption, Modification, Fabrication
At a small company, an employee makes an unauthorized data alteration. Which
component of the CIA triad has been compromised?
Integrity
An organization plans to encrypt data in transit on a network. Which aspect of data is
the organization attempting to protect?
Integrity
Which aspect of the CIA triad is violated by an unauthorized database roll back or undo?
Integrity
A company's website has suffered several denial of service (DoS) attacks and wishes to
thwart future attacks. Which security principle is the company addressing?
Availability