WGU D430 Fundamentals of Information Security
with Complete Questions and Answers with
Detailed Rationales, Already Graded A+ |
2026/2027 updated
Information security
Protecting data, software, and hardware against unauthorized access, use, disclosure,
disruption, modification, or destruction.
Compliance
The requirements that are set forth by laws and industry regulations.
E.g.: HIPAA/HITECH - healthcare, PCI DSS - payment card industry, FISMA - federal government
agencies
DAD Triad
Disclosure, alteration, and denial
CIA Triad
The core model of all information security concepts: confidentiality, integrity, and availability.
Confidentiality
Ability to protect our data from those who are not authorized to view it.
What ways can confidentiality be compromised?
- lose a personal laptop with data
- A person can view the password you are entering
- Send an email attachment to the wrong person.
- An attacker can penetrate your systems, etc.
Integrity
Keeping data unaltered by accidental or malicious intent.
How to maintain integrity?
Prevent unauthorized changes to the data and retain the ability to reverse unwanted authorized
changes.
Via system/file permissions or Undo/Roll back undesirable changes.
Availability
The ability to access data when needed
Ways Availability can be compromised
- Power loss
- Application issues
- Network attacks
- System compromised (DoS)
Denial of Service (DoS)
Security problem in which users are not able to access an information system; can be caused by
human errors, natural disaster, or malicious activity.
Parkerian hexad model
A model that adds three more principles to the CIA triad:
Possession/Control
Utility
Authenticity
Possession/Control
Refers to the physical disposition of the media on which the data is stored; this allows you to
discuss loss of data via its physical medium.
Principle of Possession example
Lost package (encrypted USBs and unencrypted USBs).
Possession is an issue because the tapes are physically lost.
(Unencrypted is compromised via confidentiality and possession; encrypted is compromised
only via possession.)
Principle of Authenticity
Allows you to say whether you've attributed the data in question to the proper owner/creator.
Ways authenticity can be compromised
Sending an email but altering the message so it looks like it came from someone other than the
original sender.
Utility
How useful the data is to you.
Ex. Unencrypted (a lot of utility); encrypted (little utility).
Security Attacks
Broken down by the type of attack, the risk the attack represents, and the controls you might use to
mitigate it.
Types of attacks
1- interception
2- interruption
3- modification
4- fabrication
Interception
Attacks that allow unauthorized users to access our data, applications, or environments.
Primarily an attack against confidentiality.
Interception Attack Examples
Unauthorized file viewing, copying, eavesdropping on phone conversations, reading someone's
emails.
Interruption
Attacks cause our assets to become unstable or unavailable for our use, on a temporary or
permanent basis.
This attack affects availability but can also attack integrity.
Interruption Attack Examples
DoS attack on a mail server; availability attack