Security Study Guide with Exam Questions and Answers (2026)
Confidentiality (CIA Triad)
The ability to protect information from unauthorized access or disclosure. It ensures that only
authorized individuals or systems can view sensitive data. This is achieved through controls such
as encryption, access controls, and authentication mechanisms.
Examples of Confidentiality
A user protects their ATM PIN from being seen or stolen.
An organization protects customer account numbers from unauthorized disclosure.
How Confidentiality Is Broken
Loss or theft of devices containing data.
Unauthorized access by attackers.
Visual exposure such as shoulder surfing.
Integrity (CIA Triad)
The ability to ensure that data remains accurate, complete, and unaltered unless modified by
authorized users. It also includes the ability to detect and correct unauthorized changes.
Controlling Integrity
Permissions restrict user actions such as read, write, or modify.
Mechanisms like hashing, checksums, and version control help detect changes.
Examples of Integrity
Medical data must remain accurate to ensure correct treatment decisions.
Availability (CIA Triad)
Ensures that data and systems are accessible to authorized users when needed. It focuses on
uptime, reliability, and timely access.
How Availability Is Broken
Power outages, hardware failures, software errors.
Denial of Service (DoS) attacks that overwhelm systems.
Information Security
The practice of protecting information and systems from unauthorized access, use, disclosure,
disruption, modification, or destruction while maintaining confidentiality, integrity, and
availability.
Parkerian Hexad
An extension of the CIA triad that includes:
Confidentiality – protection from unauthorized access
Integrity – protection from unauthorized modification
Availability – access when needed
Possession (Control) – who physically controls the data
Authenticity – verification of origin
Utility – usefulness of data
Authenticity
Ensures that data, communications, or users are genuine and originate from a trusted source.
Utility
Refers to the usefulness of data. Data may be secure but unusable if corrupted or in the wrong
format.
Possession (Control)
Refers to physical or logical control of data, regardless of whether it can be accessed or
understood.
Types of Attacks
Interception – unauthorized access to data (affects confidentiality)
Interruption – making systems unavailable (affects availability)
Modification – altering data (affects integrity)
Fabrication – creating false data (affects integrity and authenticity)
Risk Management Process
Identify assets – determine what needs protection
Identify threats – determine possible dangers
Assess vulnerabilities – identify weaknesses
Assess risks – evaluate likelihood and impact
Mitigate risks – apply controls to reduce risk
Incident Response Process
Preparation – establish policies, tools, and training
Detection and Analysis – identify and investigate incidents
Containment – limit damage and spread
Eradication – remove the threat
Recovery – restore systems and operations
Defense in Depth
A layered security approach that uses multiple controls at different levels to reduce the risk of a
single point of failure.
Types of Controls
Physical – locks, security guards, surveillance
Logical (Technical) – firewalls, encryption, IDS
Administrative (Procedural) – policies, training, procedures
Defense-in-Depth Layers
External network – perimeter defenses
Internal network – segmentation and monitoring
Host – endpoint protection
Application – secure coding and controls
Data – encryption and access control
Identification
The claim of identity by a user or system (e.g., username).
Identity Verification
The process of confirming a claimed identity using credentials or identification.
Authentication
The process of verifying that a claimed identity is valid using methods such as passwords,
biometrics, or tokens.
Authentication Types
Multifactor authentication – uses multiple factors (e.g., password + token)
Mutual authentication – both parties verify each other
Password Security Best Practices
Use uppercase and lowercase letters
Include numbers and symbols
Avoid predictable patterns and reuse
Multifactor Authentication Factors
Something you know – password or PIN
Something you have – token or device
Something you are – biometrics
Somewhere you are – location-based authentication
Something you do – behavior patterns
Accountability
Ensures actions can be traced to specific individuals. Supports nonrepudiation, deterrence,
detection, and legal evidence.
Auditing
The process of reviewing logs and records to ensure compliance and track user actions.
Nonrepudiation
Prevents individuals from denying actions they performed, often implemented using digital
signatures and logging.
Compliance Standards
GLBA – protects financial information
SOX – ensures accuracy of financial reporting
PCI DSS – secures payment card data
Identity (Accountability Characteristic)
Links actions to a specific user, supporting accountability.
Business Software Alliance (BSA)
An organization that audits companies for software licensing compliance.
Cryptography
The science of securing data through mathematical techniques to ensure confidentiality,
integrity, and authenticity.
Symmetric Key Cryptography
Uses a single shared key for both encryption and decryption. Fast but requires secure key
distribution.
Asymmetric Key Cryptography
Uses a public key for encryption and a private key for decryption. Enables secure
communication without sharing private keys.
Hash Functions
Algorithms that produce a fixed-size digest from input data, used to verify integrity.