Chapter ONE Concept-based review Questions with all
answers Correctly provided Latest 2025/2026
Sensitive information - correct answer Retaining sensitive information poses a risk to
the organization because of data breaches and threats of disclosure
Sensitive information should only be retained as long as it is useful or required by law.
Data States - correct answer data at rest
Data in motion
Data in use
Data at rest - correct answer Any data stored on media. It's common to encrypt
sensitive data-at-rest.
Data that's stored on media of any form (hard drive, USB stick, tape, CD) is considered
data at rest because it's not being transmitted over the network or in use.
Data in motion - correct answer Data that's currently moving across a network from
one device to another.
Data in motion is commonly protected by network encryption, such as SSL, TLS, and
VPN connections with IPsec encryption.
Data in Use - correct answer Data that's being used by a system process, application
or user. It's data that's being created, updated, appended, or erased.
Data in use is the hardest to protect because it's not encrypted while in use. Proper
access control, integrity checks and auditing measures can help protect data in use.
Information Security - correct answer is keeping data, software, and hardware secure
against unauthorized access, use, disclosure, disruption, modification, or destruction.
When is a device truly secure? - correct answer When it is powered off & not used.
The device is secure but of no value because it cannot be used.
What is worth protecting? - correct answer Assets should always be protected by value
to the organization.
1. Human life
2. Data
3. Hardware
4. Software
Compliance - correct answer is the requirements that are set forth by laws and industry
regulations:
HIPAA/HITECH-Healthcare industry
PCI-DSS-Payment card industry
FISMA-Federal Government agencies
The CIA is the - correct answer core model of all information security.
Confidentiality - correct answer Allowing only those authorized to access the data
requested.
Integrity - correct answer Allowing only those authorized to access the data requested.
Availability - correct answer The ability to access data when needed.
The Parkerian Hexad - correct answer Lesser known model that includes the CIA
Triad and expands on it.
Adds
1. Possession and control
2. Authenticity
3. Utility
Possession and control - correct answer Refers to the physical disposition of the
media on which the data is stored.
Authenticity - correct answer Allows you to talk about the proper attribution as to the owner
or creator of the data in question.
Utility - correct answer Refers to how useful the data is to us.
Confidentiality is equal to Possession and Control - correct answer The more
confidential a data set is, the more control is needed
Integrity is equal to Authenticity - correct answer Making sure the data remains
unchanged in every way possible
Availability is equal to Utility - correct answer The more utility a data set has, the more
available it needs to be
Types of Attacks - correct answer 1. Interception
2. Interruption
3. Modification
4. Fabrication