WGU C836 FUNDAMENTALS OF
INFORMATION SECURITY TEST
PAPER 2026 COMPLETE 300
QUESTIONS AND VERIFIED
ANSWERS GRADED A+
◉ Parkerian hexad. Answer: Where the CIA triad consists of
confidentiality, integrity, and availability, the Parkerian hexad consists
of these three principles, as well as possession or control, authenticity,
and utility
◉ Confidentiality. Answer: Refers to our ability to protect our data from
those who are not authorized to view it.
Confidentiality can be compromised by the loss of a laptop containing
data, a person looking over our shoulder while we type a password, an
e-mail attachment being sent to the wrong person, an attacker
penetrating our systems, or similar issues.
◉ Integrity. Answer: Refers to the ability to prevent our data from
being changed in an unauthorized or undesirable manner. This could
mean the unauthorized change or deletion of our data or portions of
our data, or it could mean an authorized, but undesirable, change or
deletion of our data. To maintain integrity, we not only need to have
the means to prevent unauthorized changes to our data but also need
the ability to reverse authorized changes that need to be undone.
,◉ Availability. Answer: refers to the ability to access our data when we
need it. Loss of availability can refer to a wide variety of breaks
anywhere in the chain that allows us access to our data. Such issues can
result from power loss, operating system or application problems,
network attacks, compromise of a system, or other problems. When
such issues are caused by an outside party, such as an attacker, they
are commonly referred to as a denial of service (DoS) attack.
◉ Possession or Control. Answer: Refers to the physical disposition of
the media on which the data is stored. This enables us, without
involving other factors such as availability, to discuss our loss of the
data in its physical medium
An example is data store be on multiple devices and there could be
numerous versions.
◉ Authenticity. Answer: Attribution as to the owner or creator of the
data in question.
Authenticity can be enforced through the use of digital signatures.
◉ Utility. Answer: Refers to how useful the data is to us.
,◉ Interception. Answer: Interception attacks allow unauthorized users
to access our data, applications, or environments and are primarily an
attack against confidentiality. Interception might take the form of
unauthorized file viewing or copying, eavesdropping on phone
conversations, or reading e-mail, and can be conducted against data at
rest or in motion. Properly executed, interception attacks can be very
difficult to detect.
Affects Confidentiality
◉ Interruption. Answer: Interruption attacks cause our assets to
become unusable or unavailable for our use, on a temporary or
permanent basis. Interruption attacks often affect availability but can
be an attack on integrity as well. In the case of a DoS attack on a mail
server, we would classify this as an availability attack.
Affects Integrity and availability
◉ Modification. Answer: Modification attacks involve tampering with
our asset. If we access a file in an unauthorized manner and alter the
data it contains, we have affected the integrity of the data contained in
the file.
◉ Fabrication. Answer: Fabrication attacks involve generating data,
processes, communications, or other similar activities with a system.
Fabrication attacks primarily affect integrity but could be considered an
, availability attack as well. If we generate spurious information in a
database, this would be considered to be a fabrication attack.
Affects Integrity and Availability
◉ Threat. Answer: Something that has potential to cause harm
◉ Vulnerability. Answer: Weaknesses that can be used to harm us
◉ Risk. Answer: Likeliness that something bad will happen
◉ Impact. Answer: The value of the asset is used to assess if a risk is
present
◉ Something you know. Answer: Password or PIN
◉ Something you are. Answer: An authentication factor using
biometrics, such as a fingerprint scanner.
◉ Something you have. Answer: Authentication factor that relies on
possession (FOB, Card, Cell Phone, Key)
INFORMATION SECURITY TEST
PAPER 2026 COMPLETE 300
QUESTIONS AND VERIFIED
ANSWERS GRADED A+
◉ Parkerian hexad. Answer: Where the CIA triad consists of
confidentiality, integrity, and availability, the Parkerian hexad consists
of these three principles, as well as possession or control, authenticity,
and utility
◉ Confidentiality. Answer: Refers to our ability to protect our data from
those who are not authorized to view it.
Confidentiality can be compromised by the loss of a laptop containing
data, a person looking over our shoulder while we type a password, an
e-mail attachment being sent to the wrong person, an attacker
penetrating our systems, or similar issues.
◉ Integrity. Answer: Refers to the ability to prevent our data from
being changed in an unauthorized or undesirable manner. This could
mean the unauthorized change or deletion of our data or portions of
our data, or it could mean an authorized, but undesirable, change or
deletion of our data. To maintain integrity, we not only need to have
the means to prevent unauthorized changes to our data but also need
the ability to reverse authorized changes that need to be undone.
,◉ Availability. Answer: refers to the ability to access our data when we
need it. Loss of availability can refer to a wide variety of breaks
anywhere in the chain that allows us access to our data. Such issues can
result from power loss, operating system or application problems,
network attacks, compromise of a system, or other problems. When
such issues are caused by an outside party, such as an attacker, they
are commonly referred to as a denial of service (DoS) attack.
◉ Possession or Control. Answer: Refers to the physical disposition of
the media on which the data is stored. This enables us, without
involving other factors such as availability, to discuss our loss of the
data in its physical medium
An example is data store be on multiple devices and there could be
numerous versions.
◉ Authenticity. Answer: Attribution as to the owner or creator of the
data in question.
Authenticity can be enforced through the use of digital signatures.
◉ Utility. Answer: Refers to how useful the data is to us.
,◉ Interception. Answer: Interception attacks allow unauthorized users
to access our data, applications, or environments and are primarily an
attack against confidentiality. Interception might take the form of
unauthorized file viewing or copying, eavesdropping on phone
conversations, or reading e-mail, and can be conducted against data at
rest or in motion. Properly executed, interception attacks can be very
difficult to detect.
Affects Confidentiality
◉ Interruption. Answer: Interruption attacks cause our assets to
become unusable or unavailable for our use, on a temporary or
permanent basis. Interruption attacks often affect availability but can
be an attack on integrity as well. In the case of a DoS attack on a mail
server, we would classify this as an availability attack.
Affects Integrity and availability
◉ Modification. Answer: Modification attacks involve tampering with
our asset. If we access a file in an unauthorized manner and alter the
data it contains, we have affected the integrity of the data contained in
the file.
◉ Fabrication. Answer: Fabrication attacks involve generating data,
processes, communications, or other similar activities with a system.
Fabrication attacks primarily affect integrity but could be considered an
, availability attack as well. If we generate spurious information in a
database, this would be considered to be a fabrication attack.
Affects Integrity and Availability
◉ Threat. Answer: Something that has potential to cause harm
◉ Vulnerability. Answer: Weaknesses that can be used to harm us
◉ Risk. Answer: Likeliness that something bad will happen
◉ Impact. Answer: The value of the asset is used to assess if a risk is
present
◉ Something you know. Answer: Password or PIN
◉ Something you are. Answer: An authentication factor using
biometrics, such as a fingerprint scanner.
◉ Something you have. Answer: Authentication factor that relies on
possession (FOB, Card, Cell Phone, Key)
