heavily on foundational cybersecurity concepts. This highly regarded "Overly Informative 139
Question & Answers Study Guide" set focuses primarily on the core cybersecurity pillars,
attack types, and risk management processes that are required to pass the assessment.
Below is the definitive breakdown of the most critical exam descriptions, core concepts, and
representative questions from that 139-question test bank.
The Core Triads & Models
This exam places immense weight on distinguishing between the foundational information security
frameworks.
The CIA Triad
The core model of all information security.
• Confidentiality: Protecting data from unauthorized viewing (e.g., thwarted by shoulder
surfing, unencrypted emails, or data breaches).
• Integrity: Keeping data unaltered by accidental or malicious intent (e.g., thwarted by
unauthorized database modifications or file tampering).
• Availability: Ensuring authorized users have reliable, timely access to data and systems
when needed.
The Parkerian Hexad
An expanded model adding three additional principles to the CIA Triad:
• Possession or Control: The physical holding or licensing of an asset, separate from
confidentiality (e.g., a stolen encrypted laptop means loss of possession, but not necessarily
loss of confidentiality).
• Authenticity: Verification of the data creator or sender (ensuring data is genuine and from
the stated source).
• Utility: The usefulness of the data (e.g., encrypted data for which the key is lost retains
confidentiality and integrity, but loses utility).
Core Security Concepts & Risk Management
The Four Types of Attacks
• Interception: An unauthorized entity gains access to an asset (attack on confidentiality).
• Interruption: An asset is destroyed or becomes unavailable/unusable (attack on
availability).
• Modification: An unauthorized entity tampers with or alters an asset (attack on integrity).
• Fabrication: An unauthorized entity inserts counterfeit objects or malicious data into a
system (attack on integrity/authenticity).
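The distinction the hexad draws between Integrity and Authenticity maps directly onto the Modification and Fabrication attack types above. The following added example (not part of the study guide) shows it in working code: a plain SHA-256 digest catches a modified record, but an attacker who fabricates a new record can simply recompute that digest, so only a keyed HMAC (which binds the data to a secret the attacker lacks) rejects the fabrication. The transfer message and the attacker's guessed key are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample record to protect (not from the page).
ORIGINAL = b"transfer 100 to account 4471"


def sha256_hex(data: bytes) -> str:
    """Plain hash: detects accidental or malicious change, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Integrity check only: does the data still match the stored digest?"""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


def make_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: ties the data to a shared secret, giving integrity plus authenticity."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def authentic_ok(key: bytes, data: bytes, tag: str) -> bool:
    """Authenticity check: only a holder of the key could have produced a matching tag."""
    return hmac.compare_digest(make_tag(key, data), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)          # shared between sender and receiver only
    digest = sha256_hex(ORIGINAL)          # what a plain integrity scheme stores
    tag = make_tag(key, ORIGINAL)          # what an authenticity scheme stores

    # Modification attack: the record is altered in transit; the stored digest no longer matches.
    modified = ORIGINAL.replace(b"100", b"900")

    # Fabrication attack: the attacker injects a brand-new record and recomputes the plain hash
    # to go with it. They cannot compute a valid HMAC because they do not hold the key.
    forged = b"transfer 900 to account 9999"
    forged_digest = sha256_hex(forged)
    forged_tag = make_tag(b"attacker-guessed-key", forged)   # constructed wrong key

    return {
        "original_integrity": integrity_ok(ORIGINAL, digest),      # True
        "modified_integrity": integrity_ok(modified, digest),      # False: modification caught
        "forged_passes_plain_hash": integrity_ok(forged, forged_digest),  # True: hash alone fails
        "forged_passes_hmac": authentic_ok(key, forged, forged_tag),      # False: fabrication caught
        "original_authentic": authentic_ok(key, ORIGINAL, tag),    # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point to carry into the exam: a hash alone addresses Integrity (Modification); establishing Authenticity (defeating Fabrication) needs a secret, whether an HMAC key as here or a private signing key.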
Risk, Vulnerability, and Threats
• Threat: A potential force or event that has the capability to cause harm to assets.
• Vulnerability: A logical, physical, or operational weakness that can be exploited by a
threat.
• Risk: The likelihood that a threat will successfully exploit a vulnerability, weighed against the impact if it does.
Risk Management Process
1. Identify Assets: Determine what needs protection (People and Data are always prioritized
over Hardware and Software).
2. Identify Threats & Vulnerabilities: Map out what could go wrong.
3. Analyze Risk & Impact: Determine the likelihood and cost of an exploit.
4. Put Controls / Countermeasures in Place: Mitigate, transfer, accept, or avoid the risk.
Key Sample Questions & Verified Answers
The 139-question study guide highlights these high-yield scenarios:
• Integrity is compromised by unauthorized data alteration.
• Interruption attacks (e.g., DoS) target availability.
• Honeypots are used to lure and study attacker methods.
• VPNs protect data in motion.
• Port scanners identify live hosts and their open ports and services; with fingerprinting they can also estimate OS versions.
• SQL injection is a classic server-side attack.
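To make the port-scanner answer concrete, here is an added example (not from the study guide) of the simplest scanner technique, a TCP connect scan: a completed three-way handshake means a service is listening. So that it runs offline, the script opens its own throwaway listener on an ephemeral localhost port and then scans a small window of ports around it; the window size and timeout are arbitrary choices for illustration.

```python
import socket
from contextlib import closing


def start_listener(host: str = "127.0.0.1") -> socket.socket:
    """Open a throwaway TCP listener on an OS-chosen port so the scan has a known-open target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))   # port 0 = let the OS pick a free ephemeral port
    srv.listen(5)         # the kernel completes handshakes into the backlog; no accept() needed
    return srv


def is_open(host: str, port: int, timeout: float = 0.2) -> bool:
    """TCP connect scan of one port: connect_ex() returns 0 only if the handshake completed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan(host: str, ports, timeout: float = 0.2) -> list:
    """Return the sorted list of ports that accepted a connection."""
    return sorted(p for p in ports if is_open(host, p, timeout))


def demo():
    """Scan a 7-port window around a listener we just opened; its port must appear as open."""
    srv = start_listener()
    try:
        host, port = srv.getsockname()
        window = range(max(1, port - 3), min(65535, port + 3) + 1)
        return port, scan(host, window)
    finally:
        srv.close()


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; open ports in window: {found}")
```

A connect scan is noisy (every probe completes a handshake the target can log); production tools add SYN scanning, service banner grabbing and OS fingerprinting on top of this basic loop.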
Incident Response Stages
The 6-step incident response cycle includes: Preparation, Detection/Analysis, Containment,
Eradication, Recovery, and Post-Incident Activity.
Quiz_________________?
Accountability -
ANSWER✅
Identification, Authentication, Authorization, and Access.
Quiz_________________?
Administrative Controls -
ANSWER✅
Procedures implemented to define the roles, responsibilities, policies, and administrative
functions needed to manage the control environment.
Quiz_________________?
Application Protocol Intrusion Detection System (APIDS) -
ANSWER✅
Focuses its monitoring and analysis on a specific application protocol or protocols in use by
the computing system.
Quiz_________________?
Asymmetric Cryptography -
ANSWER✅
Utilizes two keys: a public key and a private key. The public key is used to encrypt data sent
from the sender to the receiver and is shared with everyone. Private keys are used to
decrypt data that arrives at the receiving end and are very carefully guarded by the receiver.
For digital signatures the roles reverse: the private key signs and the public key verifies.
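The following added example (not from the study guide) shows the two key roles in working code using textbook RSA with toy primes: the public key encrypts and only the private key decrypts, while for signatures the private key signs and anyone with the public key verifies. The primes, message and the hash-reduction step are assumptions for illustration; real RSA uses primes of at least 1024 bits and a padding scheme, and this code must not be used for anything but learning.

```python
import hashlib
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: n = p*q, public exponent e, private exponent d = e^-1 mod phi(n)."""
    assert is_prime(p) and is_prime(q) and p != q
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi(n)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key can decrypt."""
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def _digest_int(message: bytes, n: int) -> int:
    # Hash-then-sign. Reducing mod n is only to fit the toy modulus (assumed, not standard).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signing reverses the roles: the private key produces the signature."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can verify, giving authenticity and integrity."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def demo() -> dict:
    # Toy primes chosen for illustration (the first two primes above one million).
    public_key, private_key = generate_keypair(1000003, 1000033)
    m = int.from_bytes(b"key", "big")     # constructed small integer message
    c = encrypt(public_key, m)
    sig = sign(private_key, b"pay 100")
    return {
        "roundtrip_ok": decrypt(private_key, c) == m,
        "ciphertext_differs": c != m,
        "signature_valid": verify(public_key, b"pay 100", sig),
        "tampered_rejected": verify(public_key, b"pay 900", sig),  # False: altered message
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that the same private key is the one thing kept secret in both directions: it decrypts what was encrypted to the public key, and it produces signatures that the public key checks.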
Quiz_________________?
Asymmetric Key Algorithms -
ANSWER✅
1. RSA (Rivest-Shamir-Adleman), named for Ron Rivest, Adi Shamir, and Leonard Adleman
2. Elliptic Curve Cryptography (ECC), widely used to secure browser connections to web
servers
3. ElGamal
4. Diffie-Hellman (key exchange)
5. DSS (Digital Signature Standard, which specifies DSA)
6. Pretty Good Privacy (PGP): an application that uses asymmetric keys, not an algorithm itself
7. Transport Layer Security (TLS), the successor to SSL: a protocol that uses these algorithms
8. Voice over IP (VoIP): secure VoIP deployments use asymmetric keys for key exchange
Quiz_________________?