MOST TESTED QUESTIONS] COMPLETE EXAM QUESTIONS
AND VERIFIED ANSWERS | 2026–2027 LATEST UPDATE |
GUARANTEED PASS | DETAILED RATIONALES | FULL STUDY
GUIDE | EXAM PREP | PRACTICE TEST | CERTIFICATION
PREPARATION
Section One (Questions 1–50)
1. A company is creating its first information security program. Which action should be completed
first?
A. Purchase endpoint security software
B. Develop security policies and governance requirements
C. Conduct annual penetration testing
D. Encrypt all employee laptops
Correct Answer: B. Develop security policies and governance requirements
Rationale: Policies establish expectations, responsibilities, and controls that guide all other security
activities. Technology solutions and testing efforts should align with organizational governance
requirements.
2. An employee receives an email requesting confidential customer data from an unknown sender.
What is the best immediate action?
A. Reply and request verification
B. Forward the information to management
C. Report the email as a phishing attempt
D. Ignore the email and continue working
Correct Answer: C. Report the email as a phishing attempt
Rationale: Reporting suspected phishing attempts helps protect the organization and enables security
teams to investigate. Responding or providing information could increase risk.
3. Which security principle ensures that authorized users can access systems when needed?
A. Availability
B. Integrity
C. Authentication
D. Nonrepudiation
Correct Answer: A. Availability
Rationale: Availability focuses on ensuring systems and data remain accessible to authorized users.
Integrity protects accuracy, while authentication verifies identity.
4. A system administrator grants users only the permissions required for their jobs. Which concept
is being applied?
A. Separation of duties
B. Defense in depth
C. Least privilege
D. Risk transference
Correct Answer: C. Least privilege
Rationale: Least privilege limits access rights to the minimum necessary. This reduces the potential
impact of errors, misuse, or compromised accounts.
5. A healthcare organization must protect patient records from unauthorized disclosure. Which
security objective is most directly involved?
A. Confidentiality
B. Availability
C. Scalability
D. Performance
Correct Answer: A. Confidentiality
Rationale: Confidentiality protects sensitive information from unauthorized access. Patient records
are considered highly sensitive data requiring strict protection.
6. What is the primary purpose of multifactor authentication (MFA)?
A. Improve network performance
B. Reduce storage requirements
C. Increase password complexity
D. Provide additional identity verification
Correct Answer: D. Provide additional identity verification
Rationale: MFA combines multiple authentication factors, making unauthorized access more difficult
even if a password is compromised.
7. A security analyst identifies a software flaw that could be exploited. How should the flaw be
classified?
A. Threat
B. Vulnerability
C. Asset
D. Control
Correct Answer: B. Vulnerability
Rationale: A vulnerability is a weakness that could be exploited by a threat. Threats exploit
vulnerabilities to impact assets.
8. Which example represents a physical security control?
A. Firewall
B. Antivirus software
C. Security camera system
D. Data encryption
Correct Answer: C. Security camera system
Rationale: Cameras help monitor and protect physical environments. Firewalls, antivirus tools, and
encryption are logical controls.
9. A company purchases cyber insurance to offset potential financial losses from security incidents.
Which risk response strategy is being used?
A. Acceptance
B. Avoidance
C. Mitigation
D. Transfer
Correct Answer: D. Transfer
Rationale: Cyber insurance transfers part of the financial risk to a third party. The organization still
retains some responsibility but reduces potential losses.
10. Which type of malware is designed to encrypt files and demand payment for recovery?
A. Worm
B. Trojan
C. Ransomware
D. Spyware
Correct Answer: C. Ransomware
Rationale: Ransomware encrypts data and demands payment. Organizations should maintain
backups and implement preventive controls to reduce impact.
11. During a risk assessment, what is the primary purpose of identifying organizational assets?
A. Reduce software licensing costs
B. Determine what requires protection
C. Increase employee productivity
D. Improve network speed
Correct Answer: B. Determine what requires protection
Rationale: Risk management begins with understanding valuable assets so appropriate safeguards
can be applied.
12. Which access control model assigns permissions based on job responsibilities?
A. Mandatory Access Control
B. Discretionary Access Control
C. Role-Based Access Control
D. Rule-Based Access Control
Correct Answer: C. Role-Based Access Control
Rationale: RBAC simplifies administration by assigning permissions according to organizational roles.
13. A user shares a password with a coworker to meet a project deadline. Which security principle
is violated?
A. Accountability
B. Availability
C. Redundancy
D. Segmentation
Correct Answer: A. Accountability