KC: Which term refers to the process of gathering and analyzing information to support business decisions?
Competitive Intelligence
KC: Which term refers to a security and risk management process that prevents sensitive information from getting into the wrong hands?
Operational Security
KC: Which of the following is defined as the practice of managing the range of intelligence-gathering activities directed at an organization?
Competitive Counterintelligence
KC: What is the codename for a study conducted to curtail unauthorized passing of information and is the symbol of OPSEC today?
Purple Dragon
KC: What is the correct order in the 5 steps of the Operations Security Process?
1) Identification of critical information;
2) Analysis of threats;
3) Analysis of vulnerabilities;
4) Assessment of risks;
5) Application of countermeasures.
KC: What describes Vulnerability analysis?
The identification of weaknesses that can be used to cause harm.
KC: What is the weakest link in a security program?
People
KC: Which type of attack is conducted on people to gather information?
Social Engineering
KC: Which type of attack uses malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server?
e.g. victim opens link to a fake website that looks legitimate, but actually transfers funds to an attacker's account
Cross site request forgery (CSRF)
KC: Which type of attack is a malicious practice of manipulating a website user's activity by concealing hyperlinks beneath legitimate clickable content?
This attack is NOT conducted directly against people
Clickjacking
KC: Which type of attack is carried out by placing code in the form of a scripting language into a website or other type of media?
This attack is NOT conducted directly against people
Cross Site Scripting (XSS)
KC: Which type of data is collected by law enforcement agents without using technology as its primary tool?
Human Intelligence (HUMINT)
KC: Which social engineering technique uses electronic communications to carry out an attack that is broad in nature?
Phishing
QUIZ: What describes competitive intelligence?
The process of intelligence gathering and analysis to support business decisions.
QUIZ: Which law of operations security discusses the need to evaluate our information assets and determine what exactly we might consider to be our critical information?
* There are only 3 Laws of Operations Security *
The second law of operations security
"If you don't know what to protect, how do you know you are protecting it?"
QUIZ: Which term refers to the practice of managing information gathering activities directed at an organization?
Competitive counterintelligence
QUIZ: What describes the identification of critical information?
Identification of sensitive data or assets on which a company is based and on which everything depends.
QUIZ: Which two steps are included in the operations security process? Choose two answers.
Identify the information that needs protection.
Develop methods to mitigate threats and vulnerabilities.
QUIZ: What describes risk assessment?
Identification of when there is a threat and a vulnerability that the threat can exploit.
QUIZ: Which term refers to data that provides additional details about the data?
Metadata
QUIZ: Which term refers to unprocessed data that is not informative?
Raw data
QUIZ: Which term refers to a search engine of service banners, which are metadata that the server sends back to the client?
Shodan
QUIZ: What is the responsibility of the Interagency OpSec Support Staff (IOSS)?
Provide multiple agencies with a wide variety of security awareness and training.
QUIZ: What is the responsibility of the National Security Agency (NSA)?
Present leaders with critical security information they need to defend our country.
QUIZ: What is the responsibility of the Cybersecurity and Infrastructure Security Agency (CISA)?
Lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.
QUIZ: What is the responsibility of the SysAdmin, Audit, Network, and Security (SANS) Institute?
Provide access to information technology research and education around the world.
QUIZ: Which type of social engineering attack utilizes credible scenarios to lure people into disclosing sensitive information?
Pretexting
QUIZ: Which social engineering technique uses electronic communications to carry out an attack that is broad in nature?
Phishing
QUIZ: Which term is used to describe when an attacking network device impersonates a valid device?
Masquerading
QUIZ: Which term describes the act of following someone through an access control point?
Tailgating
QUIZ: Which security vulnerability does security awareness training help reduce?
Password misuses
QUIZ: What does endpoint protection help reduce?
Malware
QUIZ: Which part of a security awareness program locks down sensitive information before exiting?
Clean desk policy