WGU D430 Fundamentals of Information Security
Exam 2026/2027 Actual Exam - Complete Questions
with Detailed Rationales | 100% Verified Graded A+
Section 1: Information Security Foundations & Core Concepts
Q1: What principle ensures that data remains unaltered during transit?
A. Confidentiality
B. Integrity [CORRECT]
C. Availability
D. Non-repudiation
Correct Answer: B
Rationale: Integrity prevents unauthorized modification of data. Confidentiality ensures secrecy,
availability ensures access, and non-repudiation proves origin. This aligns with the CIA triad
core concepts in D430.
Q2: A system is overwhelmed by traffic, preventing legitimate users from accessing a service.
Which CIA principle is violated?
A. Confidentiality
B. Integrity
C. Availability [CORRECT]
D. Authentication
Correct Answer: C
Rationale: Availability ensures systems are accessible when needed. A DoS attack disrupts this.
Confidentiality and integrity are not directly impacted by pure flooding attacks.
Q3: Which concept proves a sender cannot deny sending a message?
A. Authentication
B. Authorization
C. Non-repudiation [CORRECT]
D. Accountability
Correct Answer: C
Rationale: Non-repudiation provides proof of origin and delivery. Authentication verifies
identity, authorization grants rights, and accountability tracks actions but doesn't legally prevent
denial.
Q4: Verifying a user's claimed identity is the definition of:
A. Authorization
B. Authentication [CORRECT]
C. Accounting
D. Identification
Correct Answer: B
Rationale: Authentication validates an identity claim. Identification is claiming an identity,
authorization grants access, and accounting logs actions. This maps directly to D430 AAA
concepts.
Q5: What is the primary goal of accounting in the AAA framework?
A. Verifying user identity
B. Assigning access rights
C. Logging user activities [CORRECT]
D. Encrypting user data
Correct Answer: C
Rationale: Accounting records what a user did. Authentication checks identity, authorization
assigns permissions, and encryption protects data. This is a foundational D430 concept.
Q6: An attacker intercepts communication between two parties without altering it. Which
principle is compromised?
A. Integrity
B. Availability
C. Confidentiality [CORRECT]
D. Non-repudiation
Correct Answer: C
Rationale: Intercepting data compromises confidentiality (secrecy). Integrity involves alteration,
availability involves access, and non-repudiation involves proving origin.
Q7: A database administrator accidentally deletes a table. Which control type would have best
prevented this?
A. Detective
B. Preventive [CORRECT]
C. Corrective
D. Deterrent
Correct Answer: B
Rationale: Preventive controls stop incidents before they occur. Detective controls discover
them, corrective controls fix them, and deterrent controls discourage them.
Q8: What is an example of a deterrent control?
A. Mantrap
B. Security camera [CORRECT]
C. Antivirus software
D. Incident response plan
Correct Answer: B
Rationale: Cameras deter attacks by increasing fear of being caught. Mantraps physically prevent
(preventive), antivirus blocks (preventive), and IR plans respond (corrective).
Q9: Reviewing audit logs after a breach is an example of what control type?
A. Preventive
B. Detective [CORRECT]
C. Corrective
D. Compensating
Correct Answer: B
Rationale: Reviewing logs detects an event after it happened. It does not prevent or correct the
breach itself, nor does it compensate for a missing control.
Q10: Restoring data from backup after a ransomware attack is a:
A. Preventive control
B. Detective control
C. Corrective control [CORRECT]
D. Directive control
Correct Answer: C
Rationale: Corrective controls attempt to fix or mitigate damage after an incident. Backups do
not prevent ransomware but correct the data loss.
Q11: Implementing a firewall to block unauthorized traffic is a:
A. Preventive control [CORRECT]
B. Detective control
C. Corrective control
D. Deterrent control
Correct Answer: A
Rationale: Firewalls actively block (prevent) unauthorized traffic from entering a network. They
do not just detect or deter.
Q12: Which control is implemented when a primary control is too expensive?
A. Detective
B. Compensating [CORRECT]