WGU D430 / C836 Fundamentals of Information Security
Comprehensive Topic Breakdown & Study Resource updated
2025/2026
Operations Security - correct answer A security and risk management process that
prevents sensitive information from getting in the wrong hands.
Competitive intelligence - correct answer the process of gathering and analyzing
information to support business decisions
Haase's Laws: Know the threats - correct answer If you don't know the threat, how do
you know what to protect? Know the threats for your data based on your location.
Haase's Laws: Know what to protect - correct answer If you don't know what to protect,
how do you know you're protecting it? Some orgs classify information (top secret).
Hasse's Laws: Protect the information - correct answer If you don't protect the
information, your adversaries win.
Human Element Security - correct answer Security Awareness, Training, and
Education (SATE)
Pretexting - correct answer a form of social engineering in which one individual lies to
obtain confidential data about another individual
Phishing - correct answer An attack that sends an email or displays a Web
announcement that falsely claims to be from a legitimate enterprise in an attempt to trick
the user into surrendering private information
competitive intelligence - correct answer the process of intelligence gathering and
analysis to support business decisions
, Competitive Counterintelligence - correct answer the practice of managing the range of
intelligence-gathering activities directed at an organization
Network-based IDS (NIDS) - correct answer an independent platform that monitors
network traffic to identify intruders.
host-based IDS - correct answer are used to analyze the activities on or directed at the
network interface of a particular asset (host).
Wireshark - correct answer a sniffer that is capable of intercepting and troubleshooting
traffic from both wired and wireless sources.
Nmap - correct answer A network utility designed to scan a network and create a map.
Frequently used as a vulnerability scanner.
Which port service needs to be removed when running a webserver? - correct answer
53
Port 80 - correct answer provides Hypertext Transfer Protocol (HTTP) services, which
serves Web content.
AES - correct answer AES is the standard encryption algorithm used by the US
Federal government.
SSRF - correct answer (Server-Side Request Forgery) An attack that takes advantage
of a trusting relationship between web servers. Attacker finds vulnerable web
application, sends request to web server, web server performs request on behalf of
attacker.
kismet - correct answer Kismet is a tool commonly used to detect wireless access
points.
Comprehensive Topic Breakdown & Study Resource updated
2025/2026
Operations Security - correct answer A security and risk management process that
prevents sensitive information from getting in the wrong hands.
Competitive intelligence - correct answer the process of gathering and analyzing
information to support business decisions
Haase's Laws: Know the threats - correct answer If you don't know the threat, how do
you know what to protect? Know the threats for your data based on your location.
Haase's Laws: Know what to protect - correct answer If you don't know what to protect,
how do you know you're protecting it? Some orgs classify information (top secret).
Hasse's Laws: Protect the information - correct answer If you don't protect the
information, your adversaries win.
Human Element Security - correct answer Security Awareness, Training, and
Education (SATE)
Pretexting - correct answer a form of social engineering in which one individual lies to
obtain confidential data about another individual
Phishing - correct answer An attack that sends an email or displays a Web
announcement that falsely claims to be from a legitimate enterprise in an attempt to trick
the user into surrendering private information
competitive intelligence - correct answer the process of intelligence gathering and
analysis to support business decisions
, Competitive Counterintelligence - correct answer the practice of managing the range of
intelligence-gathering activities directed at an organization
Network-based IDS (NIDS) - correct answer an independent platform that monitors
network traffic to identify intruders.
host-based IDS - correct answer are used to analyze the activities on or directed at the
network interface of a particular asset (host).
Wireshark - correct answer a sniffer that is capable of intercepting and troubleshooting
traffic from both wired and wireless sources.
Nmap - correct answer A network utility designed to scan a network and create a map.
Frequently used as a vulnerability scanner.
Which port service needs to be removed when running a webserver? - correct answer
53
Port 80 - correct answer provides Hypertext Transfer Protocol (HTTP) services, which
serves Web content.
AES - correct answer AES is the standard encryption algorithm used by the US
Federal government.
SSRF - correct answer (Server-Side Request Forgery) An attack that takes advantage
of a trusting relationship between web servers. Attacker finds vulnerable web
application, sends request to web server, web server performs request on behalf of
attacker.
kismet - correct answer Kismet is a tool commonly used to detect wireless access
points.
