WGU D430 Fundamentals of Information Security: Section 5
and 6 real-world questions that simulate the exam room and
job site and Answers; 2025/2026
What is reduced by hardening an operating system? - correct answer attack surface
What is used to prevent buffer overflow? - correct answer bounds checking (sets a
limit on the amount of data an application takes in)
Which type of vulnerability is present when multiple threads within a process control
access to a particular resource? - correct answer race condition (occurs when multiple
threads within a process control access to a particular resource and the correct handling
depends on timing or transactions)
Which type of attack occurs when certain print functions within a programming language
are used to manipulate and view the internal memory of an application? - correct
answer format string (these attacks occur when certain print functions within a
programming language can be used to manipulate or view the internal memory of an
application)
Which type of attack is an example of an input validation attack? - correct answer
format string
What does an organization need to do to the attack surface to protect its devices and
network? - correct answer Perform system hardening (an protect an organization's
devices and network, by reduce the attack surface, which leaves attackers with fewer
ways to perform attacks)
When should updates be performed? - correct answer After testing and vetting
Which port service needs to be removed when running a webserver? - correct answer
Port 53 (typically blocked on webservers to prevent Domain Name System (DNS)
servers from divulging critical information to attackers)
, Which action is considered a significant event that should be included in the logging
process? - correct answer Administrative privilege
Which buffer size creates an entry point for a cyberattack when the buffer reaches 8
bytes? - correct answer 4 bytes (buffer overflow occurs when a program or process
attempts to write more data to a fixed-length block of memory, or buffer, than the buffer
is allocated to hold. At 8 bytes, the established buffer size has been exceeded)
Which tool is categorized as an exploit framework? - correct answer Core Impact
(centralized penetration testing tool that enables security teams to conduct advanced,
multi-phased penetration tests. It is a type of tool categorized as an exploit framework.
Exploit frameworks include pre-packaged sets of exploits)
Which type of control protects against authorization attacks? - correct answer Principle
of least privilege (applies only the absolute minimum permission needed to carry out a
function, thus protecting against others gaining unapproved authorization)
Which symmetric encryption algorithm is the standard encryption algorithm used by the
US Federal government? - correct answer AES
Which type of attack is a client-side attack? - correct answer Clickjacking (tricks a user
into clicking on something they might not otherwise. It can obscure what the user is
actually clicking on)
What describes a database security issue? - correct answer Unauthenticated access
to functionality
Which type of packet sniffer is used to monitor web traffic? - correct answer Wireshark
(apable of intercepting and troubleshooting traffic from both wired and wireless sources)
Which tools is used to perform web assessment and analysis? - correct answer Burp
Suite (web assessment and analysis tool that looks for issues on websites such as
cross-site scripting or SQL injection flaws)
and 6 real-world questions that simulate the exam room and
job site and Answers; 2025/2026
What is reduced by hardening an operating system? - correct answer attack surface
What is used to prevent buffer overflow? - correct answer bounds checking (sets a
limit on the amount of data an application takes in)
Which type of vulnerability is present when multiple threads within a process control
access to a particular resource? - correct answer race condition (occurs when multiple
threads within a process control access to a particular resource and the correct handling
depends on timing or transactions)
Which type of attack occurs when certain print functions within a programming language
are used to manipulate and view the internal memory of an application? - correct
answer format string (these attacks occur when certain print functions within a
programming language can be used to manipulate or view the internal memory of an
application)
Which type of attack is an example of an input validation attack? - correct answer
format string
What does an organization need to do to the attack surface to protect its devices and
network? - correct answer Perform system hardening (an protect an organization's
devices and network, by reduce the attack surface, which leaves attackers with fewer
ways to perform attacks)
When should updates be performed? - correct answer After testing and vetting
Which port service needs to be removed when running a webserver? - correct answer
Port 53 (typically blocked on webservers to prevent Domain Name System (DNS)
servers from divulging critical information to attackers)
, Which action is considered a significant event that should be included in the logging
process? - correct answer Administrative privilege
Which buffer size creates an entry point for a cyberattack when the buffer reaches 8
bytes? - correct answer 4 bytes (buffer overflow occurs when a program or process
attempts to write more data to a fixed-length block of memory, or buffer, than the buffer
is allocated to hold. At 8 bytes, the established buffer size has been exceeded)
Which tool is categorized as an exploit framework? - correct answer Core Impact
(centralized penetration testing tool that enables security teams to conduct advanced,
multi-phased penetration tests. It is a type of tool categorized as an exploit framework.
Exploit frameworks include pre-packaged sets of exploits)
Which type of control protects against authorization attacks? - correct answer Principle
of least privilege (applies only the absolute minimum permission needed to carry out a
function, thus protecting against others gaining unapproved authorization)
Which symmetric encryption algorithm is the standard encryption algorithm used by the
US Federal government? - correct answer AES
Which type of attack is a client-side attack? - correct answer Clickjacking (tricks a user
into clicking on something they might not otherwise. It can obscure what the user is
actually clicking on)
What describes a database security issue? - correct answer Unauthenticated access
to functionality
Which type of packet sniffer is used to monitor web traffic? - correct answer Wireshark
(apable of intercepting and troubleshooting traffic from both wired and wireless sources)
Which tools is used to perform web assessment and analysis? - correct answer Burp
Suite (web assessment and analysis tool that looks for issues on websites such as
cross-site scripting or SQL injection flaws)
