WGU D334 Practice Questions & Answers
1. What is the primary goal of information security's CIA triad?
A) To ensure data is accessible, integrated, and available
B) To maintain the confidentiality, integrity, and availability of information ✓
C) To control, insure, and audit information systems
D) To create, store, and archive data
2. Which of the following is an example of a vulnerability?
A) A hacker running a password-cracking tool
B) A firewall misconfiguration ✓
C) A stolen laptop containing customer data
D) A power outage that shuts down a server
3. A flood that damages a data center is best described as what type of threat?
A) Human Error
B) Environmental ✓
C) Internal Threat
D) Structural
4. Which control type is a firewall?
A) Administrative Control
B) Physical Control
C) Technical Control ✓
D) Corrective Control
5. What is the principle of least privilege?
A) Giving users the minimum level of access necessary to perform their job functions ✓
B) Giving administrators full access to all systems
C) Requiring users to change their passwords frequently
D) Allowing users to access any system during emergencies
6. Which law governs the protection of health information in the U.S.?
A) Gramm-Leach-Bliley Act (GLBA)
B) Sarbanes-Oxley Act (SOX)
C) Health Insurance Portability and Accountability Act (HIPAA) ✓
D) Payment Card Industry Data Security Standard (PCI DSS)
7. What is the main purpose of a risk assessment?
A) To eliminate all risks
B) To identify and prioritize risks to the organization ✓
C) To purchase cyber insurance
D) To assign blame for security incidents
8. Which risk response strategy involves stopping the activity that causes the risk?
A) Risk Mitigation
B) Risk Acceptance
C) Risk Avoidance ✓
D) Risk Transference
9. What does a Business Impact Analysis (BIA) identify?
A) The exact cost of a security breach
B) The person responsible for a security incident
C) The critical business functions and their recovery requirements ✓
D) The specific vulnerabilities in a network
10. A policy is a high-level statement, while a procedure is...
A) A legal requirement
B) A step-by-step guide for accomplishing a task ✓
C) A type of software
D) An international standard
11. In the context of access control, "something you have" is exemplified by:
A) A password
B) A fingerprint
C) A smart card ✓
D) Your mother's maiden name
12. Multi-factor authentication (MFA) requires:
A) Two passwords
B) Two or more different types of authentication factors ✓
C) Two forms of identification from the same category
D) Biometric verification only
13. What type of access control model uses rules defined by a security policy?
A) Role-Based Access Control (RBAC)
B) Rule-Based Access Control (RuBAC) ✓
C) Discretionary Access Control (DAC)
D) Mandatory Access Control (MAC)
14. Which protocol is used for centralized authentication, authorization, and accounting?
A) RADIUS ✓
B) SSH
C) TLS
D) SNMP
15. What is the primary purpose of encryption?
A) To compress data for storage
B) To ensure data integrity
C) To protect the confidentiality of data ✓
D) To increase network speed
16. Symmetric encryption uses:
A) Two different keys: one public and one private
B) A single shared key for both encryption and decryption ✓
C) A hashing algorithm
D) No keys
17. Which provides non-repudiation?
A) Hashing
B) Digital Signatures ✓
C) Symmetric Encryption
D) Steganography
18. A hash function is used to:
A) Encrypt a file for transmission
B) Verify the integrity of data ✓
C) Create a digital certificate
D) Establish a secure tunnel
19. What is the primary security service provided by TLS/SSL?
A) Load Balancing
B) Secure communication over a network ✓
C) Virus Scanning
D) Data Backup
20. A VPN is primarily used to:
A) Create a private network over a public one ✓
B) Increase internet speed
C) Block malicious websites
D) Host public websites
21. Which device operates at the Network Layer (Layer 3) of the OSI model?
A) Switch
B) Hub
C) Router ✓
D) Bridge
22. What is the purpose of a subnet mask?
A) To identify the network portion of an IP address ✓
B) To hide a computer's IP address
C) To encrypt network traffic
D) To connect to a wireless network
23. Which protocol is used to automatically assign IP addresses to network devices?
A) DNS
B) DHCP ✓
C) FTP
D) HTTP
24. What is the main function of a firewall?
A) To scan for viruses
B) To filter network traffic based on a set of rules ✓
C) To assign IP addresses
D) To provide wireless access
25. An Intrusion Detection System (IDS) is designed to:
A) Block malicious traffic automatically
B) Detect and alert on potential security incidents ✓