Top Quality Exam Review Guide Questions and Answers 2025/2026
Mitigating risks - correct answer In order to help us mitigate risk, we can put measures
in place to help ensure that a given type of threat is accounted for. These measures are
referred to as controls. Controls are divided into three categories: physical, logical, and
administrative.
Physical - correct answer Physical controls are those controls that protect the
physical environment in which our systems sit, or where our data is stored. Such
controls also control access in and out of such environments. Physical controls logically
include items such as fences, gates, locks, bollards, guards, and cameras, but also
include systems that maintain the physical environment such as heating and air-
conditioning systems, fire suppression systems, and backup power generators.
Logical and technical controls - correct answer Logical controls, sometimes called
technical controls, are those that protect the systems, networks, and environments that
process, transmit, and store our data. Logical controls can include items such as
passwords, encryption, logical access controls, firewalls, and intrusion detection
systems.
Administrative - correct answer Administrative controls are based on rules, laws,
policies, procedures, guidelines, and other items that are "paper" in nature. In essence,
administrative controls set out the rules for how we expect the users of our environment
to behave. Depending on the environment and control in question, administrative
controls can represent differing levels of authority. We may have a simple rule such as
"turn the coffee pot off at the end of the day," aimed at ensuring that we do not cause a
physical security problem by burning our building down at night. We may also have a
more stringent administrative control, such as one that requires us to change our
password every 90 days.
The incident response process, at a high level, consists of: - correct answer
Preparation
Detection and analysis
Containment
Eradication
Recovery
Post incident activity
Preparation - correct answer The preparation phase of incident response consists of
all of the activities that we can perform, in advance of the incident itself, in order to
better enable us to handle it. This typically involves having the policies and procedures
that govern incident response and handling in place, conducting training and education
for both incident handlers and those who are expected to report incidents, conducting
incident response exercises, developing and maintaining documentation, and numerous
other such activities.
The importance of this phase of incident response should not be underestimated.
Without adequate preparation, it is extremely unlikely that response to an incident will
go well and/or in the direction that we expect it to go. The time to determine what needs
to be done, who needs to do it, and how to do it is not when we are faced with a
burning emergency.
Detection and analysis - correct answer The detection and analysis phase is where the
action begins to happen in our incident response process. In this phase, we will detect
the occurrence of an issue and decide whether or not it is actually an incident so that we
can respond to it appropriately.
The detection portion of this phase will often be the result of monitoring or alerting
based on the output of a security tool or service. This may be output from an Intrusion
Detection System (IDS), Antivirus (AV) software, firewall logs, proxy logs, alerting from
a Security Information and Event Monitoring (SIEM) tool if the program is internal or
from a Managed Security Service Provider (MSSP) if the program is external, or any of a
number of similar sources.
Containment - correct answer Containment involves taking steps to ensure that the
situation does not cause any more damage than it already has, or to at least lessen any
ongoing harm. If the problem involves a malware-infected server actively being
controlled by a remote attacker, this might mean disconnecting the server from the
network, putting firewall rules in place to block the attacker, and updating signatures or
rules on an Intrusion Prevention System (IPS) in order to halt the traffic from the
malware.