2026 ACTUAL EXAM TEST BANK| C836
FUNDAMENTALS OF INFORMATION SECURITY OA
FINAL EXAM REVIEW WITH 400 REAL EXAM
QUESTIONS AND CORRECT VERIFIED ANSWERS/
ALREADY GRADED A+ (MOST RECENT!!)
At a small company, an employee makes an unauthorized data alteration.
Which component of the CIA triad has been compromised?
A. Confidentiality
B. Authenticity
C. Integrity
D. Availability - Correct Answer - C
An organization plans to encrypt data in transit on a network.
Which aspect of data is the organization attempting to protect?
A. Integrity
B. Possession
C. Availability
D. Authenticity - Correct Answer - A
Which aspect of the CIA triad is violated by an unauthorized database
rollback or undo?
A. Availability
B. Identification
C. Integrity
D. Confidentiality - Correct Answer - C
A company's website has suffered several denial of service (DoS) attacks
and wishes to thwart future attacks.
Which security principle is the company addressing?
A. Availability
B. Authenticity
C. Confidentiality
D. Possession - Correct Answer - A
An organization has a requirement that all database servers and file
servers be configured to maintain operations in the presence of a failure.
Which principle of the CIA triad is this requirement implementing?
A. Utility
B. Integrity
C. Availability
D. Confidentiality - Correct Answer - C
An organization notices unauthorized visitors following employees
through a restricted doorway.
Which vulnerability should be addressed in the organization's security
policy?
A. Pretexting
B. Phishing
C. Baiting
D. Tailgating - Correct Answer - D
A company wants to update its access control policy. The company
wants to prevent hourly employees from logging in to company
computers after business hours.
Which type of access control policy should be implemented?
A. Mandatory
B. Physical
C. Discretionary
D. Attribute-based - Correct Answer - D
An accounting firm stores financial data for many customers. The
company policy requires that employees only access data for customers
they are assigned to. The company implements a written policy
indicating an employee can be fired for violating this requirement.
Which type of control has the company implemented?
A. Deterrent
B. Active
C. Preventive
D. Detective - Correct Answer - A
How can an operating system be hardened in accordance with the principle
of least privilege?
A. Implement account auditing.
B. Remove unneeded services.
C. Restrict account permissions.
D. Remove unnecessary software. - Correct Answer - C
A company implements an Internet-facing web server for its sales force
to review product information. The sales force can also update its
profiles and profile photos, but not the product information. There is no
other information on this server.
Which content access permissions should be granted to the sales force
based on the principle of least privilege?
A. Read and limited write access
B. Read and write access
C. Limited write access only
D. Limited read access only - Correct Answer - A
A user runs an application that has been infected with malware that is
less than 24 hours old. The malware then infects the operating system.
Which safeguard should be implemented to prevent this type of attack?
A. Install the latest security updates.
B. Uninstall unnecessary software.
C. Modify the default user accounts.
D. Limit user account privileges. - Correct Answer - D
A company was the victim of a security breach resulting in stolen user
credentials. An attacker used a stolen username and password to log in to
an employee email account.
Which security practice could have reduced the post-breach impact of
this event?
A. Multi-factor authentication