Network Security Concepts and Vulnerability Assessment
Study Guide Exam Questions with Certified for Accuracy
Answers 2025/2026
A type of attack that is more common in systems that use ACLs rather than capabilities -
correct answer The confused deputy problem
A type of attack that misuses the authority of the browser on the user's computer -
correct answer Cross-site request forgery (CSRF)
Access is determined by the owner of the resource in question - correct answer
Discretionary access control (DAC)
Similar to MAC in that access controls are set by an authority responsible for doing so,
rather than by the owner of the resource. In this model, access is based on the role the
individual is performing - correct answer Role-based access control (RBAC)
Access is based on attributes (of a person, a resource, or an environment) - correct
answer Attribute-based access control
Designed to prevent conflicts of interest; commonly used in industries that handle
sensitive data. Three main resource classes are considered in this model: objects,
company groups, and conflict classes. - correct answer The Brewer and Nash model
A combination of DAC and MAC, primarily concerned with the confidentiality of the
resource. Two security properties define how information can flow to and from the
resource: the simple security property and the * property. - correct answer The
Bell-LaPadula model
Primarily concerned with protecting the integrity of data, even at the expense of
confidentiality. Two security rules: the simple integrity axiom and the * integrity axiom. -
correct answer The Biba model
An access control model that includes many tiers of security and is used extensively by
military and government organizations and those that handle data of a very sensitive
nature - correct answer Multilevel access control model
What process ensures compliance with applicable laws, policies, and other bodies of
administrative control, and detects misuse?
A. Nonrepudiation
B. Deterrence
C. Auditing
D. Accountability
E. Authorization - correct answer C. Auditing
Lesson: Auditing and Accountability
Objective: Introduction
Nessus is an example of a(n) _______________ tool.
A. Fuzzing
B. Anti-virus
C. Anti-malware
D. Vulnerability scanning
E. Penetration testing - correct answer D. Vulnerability scanning
A surveillance video log contains a record, including the exact date and time, of an
individual gaining access to his company's office building after hours. He denies that he
was there during that time, but the existence of the video log proves otherwise. What
benefit of accountability does this example demonstrate?
A. Deterrence
B. Nonrepudiation
C. Intrusion detection and prevention
D. Authentication
E. Authorization - correct answer B. Nonrepudiation
_______ provides us with the means to trace activities in our environment back to their
source.
A. Access
B. Authentication
C. Accountability
D. Authorization
E. Nonrepudiation - correct answer C. Accountability
Backordered Parts is a defense contractor that builds communications parts for the
military. The employees use mostly Web-based applications for parts design and
information sharing. Due to the sensitive nature of the business, Backordered Parts
would like to implement a solution that secures all browser connections to the Web
servers. What encryption solution best meets this company's needs?
A. Elliptic Curve Cryptography (ECC)
B. Digital signatures
C. Advanced Encryption Standard (AES)
D. Blowfish - correct answer A. Elliptic Curve Cryptography (ECC)
Lesson: Cryptography
Objective: Alert!
Question 3: We are somewhat limited in our ability to protect which type of data?
A. Data at rest
B. Data in motion
C. Data in use - correct answer C. Data in use
The science of breaking through encryption is known as _____.
A. Ciphertext
B. Cryptology
C. Cryptography
D. Cryptanalysis - correct answer D. Cryptanalysis
The specifics of the process used to encrypt the plaintext or decrypt the ciphertext -
correct answer Cryptographic algorithm
Also known as private key cryptography, this uses a single key for both encryption of the
plaintext and decryption of the ciphertext - correct answer Symmetric key cryptography
Example: AES
A type of cipher that takes a predetermined number of bits in the plaintext message
(commonly 64 bits) and encrypts that block - correct answer Block cipher