Exam Questions with Completely Verified Answers Graded
A+ 2025/2026
Social engineering - correct answer techniques used by an attacker that rely on the
willingness of people to help others
Pretexting - correct answer a technique involving a fake identity & a believable
scenario that elicits the target to give out sensitive information or perform some action
which they would not normally do for a stranger
Phishing - correct answer a social engineering technique that uses electronic
communications (email, text, phone calls) to convince a potential victim to give out
sensitive information or perform some action
Spearphishing - correct answer a social engineering technique that targets a specific
company, organization, or person, and involves knowing specifics about the target to
appear valid
Tailgating (piggybacking) - correct answer a method by which a person follows directly
behind another person who authenticates to the physical access control measure, thus
allowing the follower to gain access without authenticating
Network usage - correct answer a security awareness issue that involves educating
users about security issues around connecting devices to networks, such as connecting
outside devices to the corporate network, and connecting corporate resources to a
public network
Malware - correct answer a security awareness issue that involves educating users
about malicious software and how to avoid it
Use of personal equipment - correct answer security awareness issue that is
concerned with protecting a company's assets
Clean desk policy - correct answer a security awareness issue that requires users to
protect sensitive information at all times, even when away from one's desk
Policy and regulatory knowledge - correct answer a security awareness issue that is
necessary to maintain compliance throughout the organization
SATE (security awareness, training and education) - correct answer a program that
seeks to make users aware of the risk they are accepting through their current actions
and attempts to change their behavior through targeted efforts
OPSEC (operations security) - correct answer the process we use to protect our information
Sun Tzu - correct answer a Chinese military general from 6th century BC who wrote The
Art of War, a text that shows early examples of operations security principles
Purple Dragon - correct answer the codename of a study conducted to discover the
cause of an information leak during the Vietnam War; is now a symbol of OPSEC
Competitive intelligence - correct answer the process of intelligence gathering and
analysis in order to support business decisions
5 steps of the operations security process - correct answer
1. identification of critical information
2. analysis of threats
3. analysis of vulnerabilities
4. assessment of risks
5. application of countermeasures
If you don't know the threat, how do you know what to protect? - correct answer the 1st
law of Haas' laws of operations security
If you don't know what to protect, how do you know you are protecting it? - correct
answer the 2nd law of Haas' laws of operations security
If you are not protecting it, the dragon wins! - correct answer the 3rd law of Haas' laws
of operations security
Cloud computing - correct answer services that are hosted, often over the internet, for
the purposes of delivering easily scaled computing services or resources
Identification of critical information - correct answer 1st step in the OPSEC process,
arguably the most important: to identify the assets that most need protection and will
cause us the most harm if exposed
Analysis of threats - correct answer 2nd step in the OPSEC process: to look at the
potential harm or financial impact that might be caused by critical information being
exposed, and who might exploit that exposure
Analysis of vulnerabilities - correct answer 3rd step in the OPSEC process: to look at the
weaknesses that can be used to harm us
Assessment of risks - correct answer 4th step in the OPSEC process: to determine what
issues we really need to be concerned about (areas with matching threats and
vulnerabilities)
Application of countermeasures - correct answer 5th step in the OPSEC process: to put
measures in place to mitigate risks