Fundamentals of Information Security – Access Control,
Cryptography & Compliance Review | 2026
The process of intelligence gathering and analysis to support business
decisions is known as _______.
A Competitive business
B Business intelligence
C Business competition
D Counter intelligence
E Competitive intelligence - correct answer E
The study that was conducted to discover the cause of the information leak
during the Vietnam War was codenamed ________ and is now considered a
symbol of OPSEC.
A Vietnam Viper
B The Art of War
C Purple Dragon
D Sun Tzu - correct answer C
Which of the following is not a best practice for password security?
A Educating users on password management
B Creating a password policy
C Enforcing complex password requirements
D Forcing password expiration intervals
E Teaching users how to manually sync passwords between systems -
correct answer E
Which social engineering technique involves impersonating someone else to
convince the target to perform some action that they wouldn't normally do for
a stranger?
A Spear phishing
B Tailgating
C Pretexting
D Phishing - correct answer C
You swipe your key card to gain access to a secure area of the building. As
you pass through the door, you notice someone right behind you. You don't
recall that he was walking behind you a moment ago, nor do you see a key
card in his hand. What social engineering technique is demonstrated in this
example?
A Spear phishing
B Tailgating
C Pretexting
D Phishing - correct answer B
Your IT department has implemented a comprehensive defense in depth
strategy to protect your company resources. The buildings are protected by
key card swipes and video surveillance, logins and passwords are required for
access to any digital resource, and your network and workstation equipment is
properly configured, patched, and protected. Policies are in place to recover
from any major security risk. What single entity can invalidate all of these
efforts?
A person
B corrupt file
C virus
D USB drive
E bad hard drive - correct answer A
Which of the options below is an example of an effective Security Awareness,
Training, and Education (SATE) strategy?
A 3-hour CBT course with a completion certificate, required yearly
B periodic email that references the Employee Handbook and includes a link
to a required quiz
C biannual conference room training session that offers free coffee and is four
hours long
D daily "security check" question that, if answered correctly, enters the user
into a giveaway - correct answer D
Your company has an office full of expensive computer equipment to protect.
You recommend a variety of approaches, including a security guard stationed
at the entrance, a high fence around the property, and key card entry to all
nonpublic areas. What security concept are you recommending to protect your
company's assets?
A Nonrepudiation
B Capability-based security
C Access control lists
D Principle of least privilege
E Defense in depth - correct answer E
You work for a small company that has just upgraded its data servers. The
new servers are up and running, and normal operations have resumed. The
company plans to sell its old equipment. What is your primary concern before
they auction off the old hardware?
A Data redundancy
B Data availability
C Data backups
D Residual data - correct answer D
What planning process ensures that critical business functions can continue to
operate during an emergency?
A Disaster recovery planning
B Operations security planning
C Risk management planning
D Incident response planning
E Business continuity planning - correct answer E
Which of the options below demonstrates all three types of physical security
controls: deterrent, detective, and preventive?
A warning sign
B employee policy
C burglar alarm
D guard dog
E locked door - correct answer D
What planning process ensures that we can respond appropriately during and
after a disaster?
A Operations security process
B Risk management process
C Incident response planning
D Business continuity planning
E Disaster recovery planning - correct answer E
A tool that deliberately displays vulnerabilities in an attempt to bait attackers is
called _____________.
A fuzzer
B sniffer
C port scanner
D vulnerability assessment scanner
E honeypot - correct answer E
A firewall that can watch packets and monitor the traffic from a given
connection is using what kind of firewall technology?
A Stateful packet inspection
B Deep packet inspection
C Packet filtering - correct answer A
A specialized type of firewall that provides security and performance features,
functions as a choke point, allows for logging traffic for later inspection, and
serves as a single source of requests for the devices behind it is known as
a(n) ____________.
A Proxy server
B Intrusion detection system
C Web server
D Packet sniffer
E FTP server - correct answer A