WGU D430 FUNDAMENTALS OF INFORMATION SECURITY ACTUAL FINAL EXAM | LATEST UPDATE 2024-2025 | BRAND NEW VERIFIED EXAM QUESTIONS AND CORRECT ANSWERS ALL GRADED A+ | GUARANTEED SUCCESS
explain PCI DSS - ANSWER-✅An information security standard used to handle credit
card payments.
explain HIPAA - ANSWER-✅For organizations that set a standard to protect sensitive
healthcare and patient records
explain FISMA (Federal Information Security Management Act) - ANSWER-✅Defines
security standards for many federal agencies in the U.S.
Mandates government agencies to protect information systems.
regulates federal departments in the United States.
Describe CIA triad - ANSWER-✅Confidentiality, Integrity, Availability- A Security
concept in infosec.
Confidentiality - ANSWER-✅Our ability to protect our data from those who are not
authorized to view it.
Integrity - ANSWER-✅The ability to prevent people from changing your data in an
unauthorized or undesirable manner.
Availability - ANSWER-✅The ability to access our data when we need it.
Describe Parkerian Hexad - ANSWER-✅Possession/control, Authenticity, and Utility,
Confidentiality, Integrity, Availability.
Possession/Control - ANSWER-✅The physical disposition of the media on which the
data is stored
Authenticity - ANSWER-✅Allows you to say whether you've attributed the data in
question to the proper owner or creator.
Utility - ANSWER-✅How useful the data is to you.
Types of attacks in CIA categories - ANSWER-✅C-Interception
I- Interruption, Modification, Fabrication
A-Interruption, Modification, Fabrication
Types of control - ANSWER-✅Physical, Logical/Technical, and Administrative control
physical control example - ANSWER-✅fences, gates, locks, guard
Logical/Technical control example - ANSWER-✅passwords, encryption, firewalls,
access controls, IDS
Administrative control example - ANSWER-✅rules, laws, policies, procedures,
guidelines
Incident Response process - ANSWER-✅Preparation, Detection and analysis,
Containment, Eradication, Recovery, Post-incident activity.
What is Defense in depth - ANSWER-✅multilayered defense
What is a "Sandbox" - ANSWER-✅An isolated environment that protects a set of
resources
What is FTP (File Transfer Protocol) used for? - ANSWER-✅Used to transfer files
What ports does FTP use - ANSWER-✅port 20 & 21
What is IMAP (Internet Message Access Protocol) used for? - ANSWER-✅managing
email.
what port does IMAP use - ANSWER-✅port 143
What is SSH (Secure Shell) used for? - ANSWER-✅To manage remote connections to
systems
What port does SSH use? - ANSWER-✅port 22
What is a clickjacking attack? - ANSWER-✅A client side attack where a user can be
tricked into clicking on something without realizing that they did
For Clickjacking, the attacker must take control of ________ or a portion of
________ to place an invisible layer over something the client would normally click
on. - ANSWER-✅The website, the website
Give an example of a CSRF (Cross-site request forgery) attack - ANSWER-✅An
attacker embedding a link on a webpage or email, executing additional commands
the attacker embedded.
Describe DAC (Discretionary access control) - ANSWER-✅The owner of the
resource determines who gets access to it and to what levels. (Under owner's
discretion)
what are the 6 main access control modes. - ANSWER-✅Role-based access control,
Rule-based access control (RBAC), Discretionary access control (DAC), Mandatory
access control (MAC), and Attribute-based control (ABAC),
Multilevel Access Control
What are Access Control Models - ANSWER-✅A way of determining who should be
allowed access to what resources.
What is rule-based access control? - ANSWER-✅Allows access according to a set of
rules defined by the system administrator
what is Role based Access Control (RBAC) - ANSWER-✅allows access based on the
role.
example of Role-Based Access Control - ANSWER-✅employee having access only to
complete a certain task.
what is Attribute-Based Access Control (ABAC)? - ANSWER-✅Access based on
specific attributes of a person, resource, or environment. (ex: CAPTCHA)
examples of (RBAC) attributes - ANSWER-✅Subject attribute: "You must be this tall
to ride this ride";
Resource attribute: CAPTCHA
Environmental attributes: Business Hours, VPN time limits
example of Mandatory access control - ANSWER-✅Secret or Top secret clearance.
explain Multilevel Access Control - ANSWER-✅Access control combined across
other models.
How is deterrence achieved? - ANSWER-✅by discouraging an action or event
through fear of being caught
example of Deterrence - ANSWER-✅clock in time cards, Badge ins to avoid stealing
work time.
Explain Nonrepudiation - ANSWER-✅not being able to deny an action due to
evidence that an act has taken place.
Example of Nonrepudiation - ANSWER-✅read receipts, digital signatures of
documents.
What does a substitution cipher do? - ANSWER-✅substitutes letters of the alphabet
with a different one.
describe Caesar cipher - ANSWER-✅shifting each letter of the message by a certain
number of spaces.
how many spaces does a ROT13 cipher move letters - ANSWER-✅13
Symmetric Cryptography is also known as - ANSWER-✅Private Key cryptography
describe symmetric cryptography - ANSWER-✅1. single key use
2. encrypts plaintext and decrypt ciphertext
3. Weakness is key exchange
describe key exchange - ANSWER-✅Sharing the key between the sender and
receiver
Describe Block cipher - ANSWER-✅type of symmetric cryptography that takes
binary digits or blocks and encrypts it.
describe stream cipher - ANSWER-✅type of symmetric cryptography that encrypts
each bit in the plain text one bit at a time.
Block vs stream ciphers - ANSWER-✅1. block encrypts a block at a time, stream
cipher encrypts one bit at a time
2. Block is currently used
3. block is faster.
4. Block is better used for known file sizes, stream cipher is better for unknown data size or
continuous stream
most used cryptographic algorithm? - ANSWER-✅symmetric key algorithm
example of symmetric key algorithm - ANSWER-✅DES, 3DES, AES
How many bits used in a DES block cipher key - ANSWER-✅56 bits