Comprehensive Study Notes & Final Exam Review Guide
(2026/2026)
__________ is used for port scanning, discovering devices, and searching for hosts on
a network. It is an important tool to help identify and remove unessential services when
hardening an operating system.
Nmap
What is reduced by hardening an operating system?
The attack surface
Hardening the operating system is a way to mitigate various threats and vulnerabilities,
thus reducing ____________________________.
The attack surface
What is used to prevent buffer overflow?
Bounds checking
__________________ sets a limit on the amount of data an application takes in.
Bounds checking
_____________________ is a type of attack where more data is entered into an
application from a particular input than expected.
Buffer overflow
_____________________ occurs when input is checked for accuracy and validity.
Input validation
Which type of vulnerability is present when multiple threads within a process control
access to a particular resource?
Race condition
___________________ is a security risk in places where data might be exposed, such
as free wireless internet networks.
Wireless exposure
A ________________________ occurs when multiple threads within a process control
access to a particular resource and the correct handling depends on timing or
transactions.
Race condition
__________________ is an attack that uses SQL code for backend database
manipulation to access information.
SQL injection
__________________ is an attack that routes DNS requests to the attacker's server,
providing attackers a covert command and control channel, and data exfiltration path.
DNS tunneling
Which type of attack occurs when certain print functions within a programming language
are used to manipulate and view the internal memory of an application?
Format string
_________________________ is an attack in which an attacker injects malicious
executable scripts into the code of a trusted application or website.
Cross-site scripting
A ____________ attack is a type of authentication attack that occurs when a program is
implemented to automate the process of guessing valid username and password
combinations.
Brute force
_____________________ attacks occur when homegrown algorithms are used as
cryptographic controls or when application keys are not changed, as these practices
result in exposing our systems to attackers.
Cryptographic
Which type of attack is an example of an input validation attack?
Format string
An organization is seeking to implement a solution that unifies control of all devices from
a central location. Which solution should the organization implement?
Mobile device management (MDM)
An _____________________ refers to any system that controls an industrial process
and is commonly embedded in devices.
Industrial control system
A __________________________ solution refers to a set of tools and features that
allow an organization to centrally manage its devices under a single system. (p. 155)
Mobile device management (MDM)
_____________________ refers to a computer contained inside another device that
typically performs a single function.
Embedded security
A __________________ is an underlying system that runs on its own processor and
generally handles the device's hardware. (p. 156)
Baseband OS
What should a company do to prevent jailbreaking on a mobile device?
Attach an external management solution
_____________________________________________ to a mobile device can stop
jailbreaking, as it installs its own apps to provide additional security layers on the
device.
Attaching an external management solution
While ________________________ can make it easier for an organization to centrally
manage devices, it will not prevent jailbreaking.
Disabling personal email
While _________________________ apps on a mobile device can make it easier for an
organization to centrally manage devices, it will not prevent jailbreaking.
Disabling file sharing
While ____________________ frequent updates will provide protection on a mobile
device, hackers can still find a way to jailbreak the device.
Installing updates
Which assessment tool scans for vulnerabilities on a host?
Nessus
What describes an authorized attempt to gain unauthorized access to a computer
system or network?
Ethical hacking
The practice of covertly discovering and collecting information about a system.
Reconnaissance