FINAL NEWEST ACTUAL EXAM TEST BANK | C836 FUNDAMENTALS OF INFORMATION SECURITY OA FINAL EXAM REVIEW WITH REAL EXAM QUESTIONS AND CORRECT VERIFIED ANSWERS.
Questions 1-25: Core Security Principles (CIA Triad & Parkerian Hexad)
Q1: A company's website has suffered several denial of service (DoS)
attacks and wishes to thwart future attacks. Which security principle is
the company addressing?
A. Authenticity
B. Confidentiality
C. Possession
D. Availability
Answer: D. Availability
Rationale: Availability refers to the ability to access data or systems when
needed. A Denial of Service (DoS) attack is designed to overwhelm
resources so that legitimate users cannot access them, directly violating the
principle of availability.
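As an added illustration of the availability point (this code is not part of the original question bank): a per-client token-bucket rate limiter is one control used to keep a single flooding source from consuming the capacity that legitimate users need. The traffic below is constructed, the client addresses are hypothetical, and the limit of 5 requests per second with a burst of 10 is an arbitrary example setting.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket: each client may burst up to `burst` requests,
    then is refilled `rate` tokens per second. Timestamps are whole seconds so
    the token arithmetic stays exact."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = defaultdict(lambda: burst)  # unseen clients start with a full bucket
        self.last_seen = {}

    def allow(self, client: str, now: int) -> bool:
        """Refill for the time elapsed since this client's last request,
        then spend one token if one is available."""
        elapsed = now - self.last_seen.get(client, now)
        self.tokens[client] = min(self.burst, self.tokens[client] + elapsed * self.rate)
        self.last_seen[client] = now
        if self.tokens[client] >= 1:
            self.tokens[client] -= 1
            return True
        return False


def serve(requests, rate: int = 5, burst: int = 10) -> dict:
    """requests: iterable of (timestamp_seconds, client_id).
    Returns {client: {"served": n, "dropped": m}} after applying the limiter."""
    limiter = TokenBucket(rate, burst)
    stats = defaultdict(lambda: {"served": 0, "dropped": 0})
    for ts, client in sorted(requests, key=lambda r: r[0]):
        outcome = "served" if limiter.allow(client, ts) else "dropped"
        stats[client][outcome] += 1
    return dict(stats)


def constructed_traffic():
    """Constructed sample: a flooding source (hypothetical 10.0.0.66) fires
    300 requests in two seconds while a normal client (hypothetical
    192.0.2.10) makes one request per second."""
    flood = [(0, "10.0.0.66")] * 200 + [(1, "10.0.0.66")] * 100
    legit = [(t, "192.0.2.10") for t in range(5)]
    return flood + legit


if __name__ == "__main__":
    for client, counts in serve(constructed_traffic()).items():
        print(client, counts)
```

Because every client has its own bucket, the flood exhausts only its own allowance (10 at the first second, 5 more after refill) and the remaining 285 requests are dropped, while the legitimate client's five requests are all served. A real deployment would key the bucket on something harder to spoof than a source address, but the separation of capacity per client is the availability mechanism the question is about.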
Q2: At a small company, an employee makes an unauthorized data
alteration. Which component of the CIA triad has been compromised?
A. Confidentiality
B. Authenticity
C. Integrity
D. Availability
Answer: C. Integrity
Rationale: Integrity ensures that data is not altered or deleted in an
unauthorized or undesirable manner. Unauthorized alteration is a direct
violation of data integrity.
Q3: Which aspect of the CIA triad is violated by an unauthorized
database rollback or undo?
A. Availability
B. Identification
C. Integrity
D. Confidentiality
Answer: C. Integrity
Rationale: Reverting a database to a previous state without authorization
alters the current data set. This manipulation affects the trustworthiness and
accuracy of the data, thus compromising Integrity.
Q4: An organization has a requirement that all database servers and
file servers be configured to maintain operations in the presence of a
failure. Which principle of the CIA triad is this requirement
implementing?
A. Utility
B. Integrity
C. Availability
D. Confidentiality
Answer: C. Availability
Rationale: Maintaining operations despite failures (redundancy) ensures
that users can access data when they need it. This directly supports
Availability, which is about minimizing downtime.
Q5: An organization plans to encrypt data in transit on a network.
Which aspect of data is the organization attempting to protect?
A. Integrity
B. Possession
C. Availability
D. Authenticity
Answer: A. Integrity
Rationale: Encryption is usually taught as a confidentiality control, but
Confidentiality is not among the choices here, so Integrity is the answer
this question expects. Note that encryption by itself does not stop
modification in transit: an on-path (Man-in-the-Middle) attacker who cannot
read a ciphertext can still flip bits in it, and a plain stream or
counter-mode cipher will decrypt the altered bits into altered plaintext
without any error. Transport encryption such as TLS protects integrity
because it pairs the cipher with a message authentication code or
authenticated encryption (for example AES-GCM), so a message modified en
route fails verification and is rejected instead of being accepted.
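The distinction in this rationale, encryption hiding data versus integrity protection detecting changes, is easiest to see in code. The following Python example is added here and is not part of the original question bank. It uses a toy SHA-256-based keystream as a stand-in for a stream cipher (an assumption made so it runs with only the standard library; it is not a vetted cipher) and a constructed payment message. It shows an on-path attacker changing an encrypted amount without knowing the key, and the same edit being rejected once an HMAC tag is added (encrypt-then-MAC).

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 HMAC


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, concatenated.
    A stand-in for a stream/counter-mode cipher; NOT for real use."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip_plaintext_byte(ciphertext: bytes, offset: int, known: int, wanted: int) -> bytes:
    """Man-in-the-middle edit that needs no key: c' = c XOR known XOR wanted.
    If the attacker knows the plaintext byte at `offset` (the message format
    is predictable), the edited ciphertext decrypts to `wanted` there."""
    edited = bytearray(ciphertext)
    edited[offset] ^= known ^ wanted
    return bytes(edited)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encryption plus an HMAC tag over nonce || ciphertext."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Reject anything whose tag does not verify; only then decrypt."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: message was modified in transit")
    return xor_crypt(enc_key, nonce, ct)


def demo() -> dict:
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(NONCE_LEN)
    msg = b"PAY 0100 USD TO ALICE"  # constructed sample message
    offset = msg.index(b"0100")      # attacker knows where the amount sits

    # 1. Encryption only: the attacker turns 0100 into 9100 without the key,
    #    and the receiver decrypts the forged amount with no error at all.
    ct = xor_crypt(enc_key, nonce, msg)
    forged = flip_plaintext_byte(ct, offset, ord("0"), ord("9"))
    tampered_plaintext = xor_crypt(enc_key, nonce, forged)

    # 2. Encrypt-then-MAC: the identical edit is caught before decryption.
    blob = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    forged_blob = flip_plaintext_byte(blob, NONCE_LEN + offset, ord("0"), ord("9"))
    try:
        verify_then_decrypt(enc_key, mac_key, forged_blob)
        detected = False
    except ValueError:
        detected = True

    return {
        "tampered_plaintext": tampered_plaintext,          # b"PAY 9100 USD TO ALICE"
        "untampered_roundtrip": verify_then_decrypt(enc_key, mac_key, blob),
        "tamper_detected": detected,                       # True
    }


if __name__ == "__main__":
    result = demo()
    print(result["tampered_plaintext"].decode())
    print("tampering detected:", result["tamper_detected"])
```

The first half is why "encryption protects integrity" is only true of authenticated constructions: the attacker never learns the key or the rest of the message, yet the receiver accepts a changed amount. The second half is what real transport protocols do, in the encrypt-then-MAC form; AEAD modes such as AES-GCM fold the same check into the cipher.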
Q6: Which component of the CIA triad will be impacted if an attacker
cuts network cables?
A. Availability
B. Confidentiality
C. Authenticity
D. Integrity
Answer: A. Availability
Rationale: Cutting physical cables disrupts the connection to the data. If
the data cannot be accessed because the network is physically broken, the
Availability principle is violated.
Q7: An organization notices unauthorized visitors following employees
through a restricted doorway. Which vulnerability should be addressed
in the organization's security policy?
A. Pretexting
B. Phishing
C. Baiting
D. Tailgating
Answer: D. Tailgating
Rationale: Tailgating (or piggybacking) occurs when an unauthorized
person follows an authorized person through a secure door. This is a
physical security breach that policies and awareness training can mitigate.
Q8: A user runs an application that has been infected with malware
that is less than 24 hours old. The malware then infects the operating
system. Which safeguard should be implemented to prevent this type
of attack?
A. Install the latest security updates.
B. Uninstall unnecessary software.
C. Modify the default user accounts.
D. Limit user account privileges.
Answer: D. Limit user account privileges.
Rationale: Malware less than 24 hours old is unlikely to be covered yet by
vendor patches or antivirus signatures, so installing the latest updates
(A) cannot be relied on to stop it. If the user runs the application with
limited (non-administrator) privileges, the malware inherits those
privileges and lacks the permissions needed to modify core operating system
files. This is the Principle of Least Privilege: a process holds only the
rights its task requires, so a compromise of that process is contained.