Security OA Final Exam NEWEST 2026 – 300 Questions with Answers & Rationales
Section 1: Foundational Security Concepts (Questions 1–60)
1. A company's website has suffered several denial of service (DoS) attacks
and wishes to thwart future attacks. Which security principle is the company
addressing?
A) Authenticity
B) Confidentiality
C) Possession
D) Availability
✅ Correct Answer: D
Rationale: Availability refers to the ability to access data or systems when
needed. A Denial of Service (DoS) attack is designed to overwhelm resources
so that legitimate users cannot access them, directly violating the principle
of availability.
2. At a small company, an employee makes an unauthorized data alteration.
Which component of the CIA triad has been compromised?
A) Confidentiality
B) Authenticity
C) Integrity
D) Availability
✅ Correct Answer: C
Rationale: Integrity ensures that data is not altered or deleted in an
unauthorized or undesirable manner. Unauthorized alteration is a direct
violation of data integrity.
3. Which aspect of the CIA triad is violated by an unauthorized database
rollback or undo?
A) Availability
B) Identification
C) Integrity
D) Confidentiality
✅ Correct Answer: C
Rationale: Reverting a database to a previous state without authorization
alters the current data set. This manipulation affects the trustworthiness and
accuracy of the data, thus compromising Integrity.
4. An organization has a requirement that all database servers and file
servers be configured to maintain operations in the presence of a failure.
Which principle of the CIA triad is this requirement implementing?
A) Utility
B) Integrity
C) Availability
D) Confidentiality
✅ Correct Answer: C
Rationale: Availability means ensuring systems and data are accessible when
authorized users need them. Designing for failure tolerance ensures the
system remains operational, directly supporting availability.
5. An attacker performs a buffer overflow attack on an organization's web
server. The web server locks up and must be restarted. Which part of the CIA
triad is under attack?
A) Confidentiality
B) Integrity
C) Control
D) Availability
✅ Correct Answer: D
Rationale: The buffer overflow caused the server to crash (lock up). Because
the service is down and users cannot access the website, Availability is
compromised.
6. A bank wants to ensure user interactions with the online banking website
are confidential. Which security solution should be implemented?
A) SSH/FTP
B) AES
C) SSL/TLS
D) VPN
✅ Correct Answer: C
Rationale: SSL/TLS (Secure Sockets Layer/Transport Layer Security) encrypts
the traffic between the user's browser and the web server, ensuring
confidentiality of the session.
7. An organization discovers that an attacker has been cutting fiber optic
cables in a remote data center to disrupt operations. Which principle of the
CIA triad is the attacker primarily targeting?
A) Authorization
B) Availability
C) Identification
D) Confidentiality
✅ Correct Answer: B
Rationale: Cutting physical cables disrupts the connection to the data. If the
data cannot be accessed because the network is physically broken, the
Availability principle is violated.
8. The Fabrication attack type most commonly affects which principle(s) of
the CIA triad?
A) Availability
B) Integrity
C) Confidentiality
D) Integrity and Availability
✅ Correct Answer: D
Rationale: Fabrication attacks involve generating spurious data, processes, or
communications. They primarily affect integrity (creating false data) but
could also be considered an availability attack if the fabricated data
overwhelms resources.
9. Which of the following is NOT one of the three components of the CIA
triad?
A) Confidentiality
B) Integrity
C) Possession
D) Availability
✅ Correct Answer: C
Rationale: The CIA triad consists of Confidentiality, Integrity, and
Availability. Possession is an additional principle included in Donn Parker's
expanded model (the Parkerian Hexad).