OBJECTIVE ASSESSMENT (OA) Final Exam Questions
And Answers | Latest Update 2026–2027 | Graded A+
| Assured Pass.
Sample Exam Questions
1. Which of the following is a primary goal of information security?
• A) Increase software functionality
• B) Triple data storage capacity
• C) Maintain data confidentiality
• D) Enhance system usability
Correct Option: C) Maintain data confidentiality
Rationale: The primary goals of information security generally focus on ensuring
confidentiality, integrity, and availability of data. Confidentiality involves protecting information
from unauthorized access.
2. What is the principle of least privilege?
• A) Users should have all privileges for usability
• B) Users are granted only the minimum level of access necessary
• C) Access is revoked after completion of tasks
• D) Privileges are determined by IT professionals only
Correct Option: B) Users are granted only the minimum level of access necessary
Rationale: The principle of least privilege is a security practice that restricts user access rights to
the bare minimum permissions they need to perform their job functions.
3. Which standard focuses on managing and protecting sensitive data?
• A) HIPAA
• B) PCI DSS
• C) NIST SP 800-53
• D) ISO 27001
Correct Option: B) PCI DSS
Rationale: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security
standards designed to ensure that companies that accept, process, store, or transmit credit card
information maintain a secure environment.
4. What does HTTPS stand for?
• A) Hypertext Transfer Protocol Standard
• B) Hypertext Transfer Protocol Secure
• C) Hypertext Transfer Privacy Standard
• D) Hypertext Transfer Protocol Secure Layer
Correct Option: B) Hypertext Transfer Protocol Secure
Rationale: HTTPS is the secure version of HTTP, which encrypts the data exchanged to protect
against interception.
5. A company experiences a data breach. Which of the following is the first action they
should take?
• A) Inform customers
• B) Contain the breach
• C) Identify the attack vector
• D) Restore data from backup
Correct Option: B) Contain the breach
Rationale: Containment should be the first step to prevent further data loss or damage.
9. What is a strong password policy likely to include?
• A) At least 5 characters
• B) A mix of letters, numbers, and symbols
• C) Easy-to-remember words
• D) Use of personal information
Correct Option: B) A mix of letters, numbers, and symbols
Rationale: A strong password combines various character types to enhance security, making it
much harder to guess or crack.
8. Which of the following is a common method for preventing unauthorized access to a
network?
• A) Firewalls
• B) Intrusion Detection Systems (IDS)
• C) Access Control Lists (ACLs)
• D) Network Protocols
Correct Option: C) Access Control Lists (ACLs)
Rationale: ACLs help define who can access certain resources in a network, enforcing security
by allowing only authorized users or systems.
10. Which of the following is considered a social engineering attack?
• A) DDoS
• B) Pretexting
• C) SQL Injection
• D) Trojan Horse
Correct Option: B) Pretexting
Rationale: Pretexting involves creating a fabricated scenario to obtain information from a target,
often used in social engineering attacks.
6. Which type of attack involves overwhelming a system with traffic to render it unusable?
• A) Phishing
• B) Denial of Service (DoS)
• C) Man-in-the-Middle
• D) SQL Injection
Correct Option: B) Denial of Service (DoS)
Rationale: A Denial of Service attack aims to make a machine or network resource unavailable
by overwhelming it with a flood of illegitimate requests.
7. What is the purpose of encryption in data security?
• A) To protect data confidentiality during transmission
• B) To improve data integrity