INFORMATION SECURITY OBJECTIVE ASSESSMENT VERSION 1 AND VERSION 2, LATEST UPDATED VERSION 2026 EDITION
WGU D827/D430 FUNDAMENTALS OF INFORMATION SECURITY OBJECTIVE ASSESSMENT VERSION 1
Question 1
Which of the following best describes the primary goal of information security?
A) Ensure business continuity by preventing all cyberattacks
B) Protect the confidentiality, integrity, and availability of information
C) CORRECT ANSWER: Protect the confidentiality, integrity, and availability of information
D) Focus exclusively on preventing unauthorized access to systems
Rationale: The CIA triad (confidentiality, integrity, availability) is the foundational
model for information security. Option B is too broad (preventing all attacks is
impossible), D is too narrow, and A omits integrity.
Question 2
A security administrator notices that a former employee’s account is still active
three months after termination. Which security principle has been violated?
A) Integrity
B) Availability
C) CORRECT ANSWER: Confidentiality
D) Non-repudiation
Rationale: Confidentiality ensures only authorized subjects access objects. An
active former employee account could allow unauthorized access to sensitive data,
breaching confidentiality.
Question 3
Which type of attack involves overwhelming a system with traffic to make it
unavailable to legitimate users?
A) Man-in-the-middle
B) CORRECT ANSWER: Denial of Service (DoS)
C) SQL injection
D) Phishing
Rationale: DoS attacks flood resources (bandwidth, CPU, memory) to disrupt
service availability. MITM intercepts communications, SQL injection manipulates
databases, and phishing targets credentials.
Question 4
What is the primary purpose of hashing in information security?
A) Encrypt data for transmission
B) CORRECT ANSWER: Verify data integrity
C) Provide user authentication
D) Generate symmetric keys
Rationale: Hashing produces a fixed-size digest; any change in input changes the
hash, allowing integrity verification. Encryption (A) and authentication (C) are
separate functions.
Question 5
Which access control model allows the owner of a resource to determine who can
access it?
A) Mandatory Access Control (MAC)
B) CORRECT ANSWER: Discretionary Access Control (DAC)
C) Role-Based Access Control (RBAC)
D) Attribute-Based Access Control (ABAC)
Rationale: DAC gives resource owners discretion to grant permissions. MAC uses
system-enforced labels, RBAC uses job roles, ABAC uses attributes.
Question 6
During a risk assessment, you identify a vulnerability with a high likelihood of
exploitation but a very low business impact. What should be the priority?
A) Apply immediate expensive controls
B) Ignore it because impact is low
C) CORRECT ANSWER: Accept the risk after documented analysis
D) Transfer the risk to an insurer
Rationale: Risk acceptance is appropriate when impact is negligible. Acceptable
risk levels are defined in the organization’s risk appetite.
Question 7
Which of the following is an example of a physical control?
A) Firewall rule
B) Password policy
C) CORRECT ANSWER: Security guard at entrance
D) Encryption algorithm
Rationale: Physical controls include guards, locks, cameras, and fences. Firewall
rules (A) and encryption (D) are technical; password policy (B) is administrative.
Question 8
What type of malware replicates itself without user interaction and spreads across
networks?
A) Trojan horse
B) Ransomware
C) CORRECT ANSWER: Worm
D) Rootkit
Rationale: Worms self-replicate and propagate autonomously. Trojans require user
deception, ransomware encrypts files for ransom, rootkits hide malicious activity.
Question 9
In asymmetric encryption, if Alice wants to send a confidential message to Bob,
which key should she use to encrypt the message?
A) Alice’s private key
B) Alice’s public key
C) CORRECT ANSWER: Bob’s public key
D) Bob’s private key
Rationale: Asymmetric encryption uses the recipient’s public key for encryption;
only the recipient’s private key can decrypt, ensuring confidentiality.