WGU D827/D430 Fundamentals of Information Security | Objective Assessment | OA V1 and V2 | Actual Questions and Answers | 2026 Update | 100% Correct.
Question 1: Which of the following is an example of a preventative
control in information security?
A) Intrusion Detection Systems (IDS)
B) Security cameras
C) Firewalls
D) Encryption
Correct answer: C) Firewalls
Rationale: Firewalls are designed to prevent unauthorized access to or
from a private network, making them a preventative control. IDS (A) is
detective, security cameras (B) are physical/detective, and encryption
(D) is technical but can be preventative in specific contexts.
Question 2: What is the purpose of encryption in information security?
A) To monitor network traffic
B) To backup data
C) To protect data during transmission
D) To verify the identity of users
Correct answer: C) To protect data during transmission
Rationale: Encryption ensures that data is protected from unauthorized
access, especially during transmission over insecure networks.
Question 3: Which of the following is a characteristic of a symmetric
encryption algorithm?
A) It uses two keys, one for encryption and one for decryption
B) It is faster than asymmetric encryption
C) It uses a public key for encryption and a private key for decryption
D) It is used for digital signatures
Correct answer: B) It is faster than asymmetric encryption
Rationale: Symmetric encryption uses a single key for both encryption
and decryption, which makes it faster compared to asymmetric
encryption, which uses two keys.
Question 4: Which security principle focuses on ensuring that only
authorized users have access to specific resources?
A) Least privilege
B) Integrity
C) Availability
D) Confidentiality
Correct answer: A) Least privilege
Rationale: The principle of least privilege ensures that users have only
the minimum access necessary to perform their jobs, reducing the risk of
unauthorized access.
Question 5: What does the concept of "defense in depth" mean in
information security?
A) Relying on a single control to protect information
B) Using multiple layers of defense to protect information
C) Allowing users to bypass security controls when necessary
D) Monitoring network traffic for unusual activity
Correct answer: B) Using multiple layers of defense to protect
information
Rationale: Defense in depth involves implementing multiple layers of
security controls to protect data, so that if one layer fails, others will still
provide protection.
Question 6: Which security goal is violated when a hacker gains
unauthorized access to a system?
A) Integrity
B) Availability
C) Confidentiality
D) Authentication
Correct answer: C) Confidentiality
Rationale: When a hacker gains unauthorized access to a system, it
violates the confidentiality security principle, which ensures data is only
accessible to authorized users.
Question 7: The CIA Triad in information security stands for:
A) Control, Integrity, Access
B) Confidentiality, Integrity, Availability
C) Cyber, Information, Access
D) Control, Information, Authorization
Correct answer: B) Confidentiality, Integrity, Availability
Rationale: The CIA Triad is the cornerstone of information security,
focusing on the protection of data through confidentiality, maintaining
its integrity, and ensuring its availability.
Question 8: Which type of attack is designed to overwhelm a system by
flooding it with excessive requests?
A) Phishing
B) Denial of Service (DoS)
C) Man-in-the-middle
D) Malware
Correct answer: B) Denial of Service (DoS)
Rationale: A Denial of Service attack aims to disrupt the normal
functioning of a system by flooding it with excessive traffic, preventing
legitimate users from accessing the service.
Question 9: What is the purpose of a Public Key Infrastructure (PKI)?
A) To manage and authenticate user identities
B) To create firewalls for protecting the network
C) To store user passwords securely
D) To manage and issue encryption keys
Correct answer: D) To manage and issue encryption keys
Rationale: PKI is used to manage digital keys and certificates, allowing
secure communications and authentication through encryption.
Question 10: Which of the following is a risk of using weak passwords?
A) Increased data redundancy
B) Difficulty in performing audits
C) Unauthorized access to sensitive systems
D) Increased system performance
Correct answer: C) Unauthorized access to sensitive systems
Rationale: Weak passwords are easier for attackers to guess or crack,
increasing the risk of unauthorized access to sensitive systems and data.