WGU D430 FUNDAMENTALS OF INFORMATION SECURITY EXAM Actual Exam 2026/2027 Complete Questions and Verified Answers Already Graded A+
Pass Guaranteed - A+ Graded
SECTION 1: INFORMATION SECURITY FUNDAMENTALS (Questions 1-15)
Q1: A company implements a system that requires users to provide both a password and a one-time code sent to their mobile phone. This is an example of implementing which security concept?
A. Authorization
B. Multi-factor authentication. [CORRECT]
C. Non-repudiation
D. Accounting
Correct Answer: B
Rationale: Multi-factor authentication (MFA) requires two or more independent factors for authentication. Password (something you know) and one-time code (something you have) combine to provide stronger authentication (B). Authorization (A) determines access rights. Non-repudiation (C) prevents denying actions. Accounting (D) involves logging.
Q2: Which component of the CIA triad ensures that data has not been altered in an unauthorized manner during transmission or storage?
A. Confidentiality
B. Integrity. [CORRECT]
C. Availability
D. Authenticity
Correct Answer: B
Rationale: Integrity ensures that data is accurate and unaltered, preventing unauthorized modification or corruption (B). Confidentiality (A) prevents unauthorized disclosure. Availability (C) ensures timely and reliable access. Authenticity (D) relates to verifying identity.
Q3: A hospital implements an audit logging system that records all user access to patient records, including who accessed what data and when. This system primarily supports which security principle?
A. Confidentiality
B. Integrity
C. Availability
D. Accounting. [CORRECT]
Correct Answer: D
Rationale: Accounting (or auditing) involves logging and monitoring user activities to track actions and maintain accountability (D). While logs support integrity and non-repudiation, the primary function described is accounting.
Q4: Which security concept prevents a user from denying that they performed a specific action, such as sending an email or approving a transaction?
A. Authentication
B. Authorization
C. Non-repudiation. [CORRECT]
D. Confidentiality
Correct Answer: C
Rationale: Non-repudiation provides proof of origin and prevents the sender from denying they performed an action, typically through digital signatures and audit trails (C). Authentication (A) verifies identity. Authorization (B) determines access rights.
Q5: In the AAA framework, what does "Authorization" specifically refer to?
A. Verifying a user's identity
B. Determining what resources a user can access after authentication. [CORRECT]
C. Logging user activities
D. Encrypting user credentials
Correct Answer: B
Rationale: Authorization occurs after authentication and determines what resources, actions, or data a verified user is permitted to access (B). Authentication (A) verifies identity. Accounting (C) involves logging.
Q6: A company policy states that only senior managers can access financial reports, and access is granted based on job role. This is an example of:
A. Discretionary Access Control
B. Role-Based Access Control. [CORRECT]
C. Mandatory Access Control
D. Attribute-Based Access Control
Correct Answer: B
Rationale: Role-Based Access Control (RBAC) grants permissions based on job roles rather than individual identity (B). Discretionary Access Control (A) allows data owners to set permissions. Mandatory Access Control (C) uses system-enforced labels.
Q7: Which of the following best describes the security governance principle of "separation of duties"?
A. Requiring two people to complete a critical task to prevent fraud. [CORRECT]
B. Encrypting data at rest and in transit
C. Implementing multi-factor authentication
D. Creating redundant systems for high availability
Correct Answer: A
Rationale: Separation of duties divides critical tasks among multiple people to prevent fraud, errors, or unauthorized actions by a single individual (A). This is an administrative control that reduces insider threat risk.
Q8: A security framework that provides high-level organizational direction, establishes security vision and strategy, and defines roles and responsibilities is known as:
A. Security governance. [CORRECT]
B. Risk management
C. Incident response
D. Business continuity planning
Correct Answer: A
Rationale: Security governance establishes the organizational framework for security, including vision, strategy, policies, and accountability structures (A). Risk management (B) focuses on identifying and treating risks.
Q9: Which element of the CIA triad is primarily concerned with ensuring that authorized users can access systems and data when needed?
A. Confidentiality
B. Integrity
C. Availability. [CORRECT]
D. Non-repudiation
Correct Answer: C
Rationale: Availability ensures that systems, data, and services are accessible to authorized users when required, addressing uptime, reliability, and redundancy (C). This includes protection against DDoS attacks and system failures.
Q10: An organization implements a system where users must present a smart card and enter a PIN to access secure areas. This combines which two authentication factors?
A. Something you know and something you are
B. Something you have and something you know. [CORRECT]
C. Something you are and somewhere you are
D. Something you have and something you are
Correct Answer: B
Rationale: Smart card (something you have) plus PIN (something you know) combines possession and knowledge factors (B). This is two-factor authentication (2FA), a subset of MFA.
Q11: Which security principle ensures that users have only the minimum access necessary to perform their job functions?
A. Separation of duties
B. Least privilege. [CORRECT]
C. Defense in depth
D. Need to know
Correct Answer: B
Rationale: Least privilege restricts users to the minimum access rights required for their specific job functions, limiting potential damage from compromised accounts (B). Need to know (D) is similar but focuses on data access specifically.
Q12: A digital signature provides which security services?