Information Security Terms & Definitions - D430 (Actual Exam) Questions with verified Answers (Latest Update 2026) UPDATE!!-WGU


100 Terms

1

Which type of system is considered absolutely secure?

A system that is shut off and disconnected from all networks.

2

Which concept of the CIA Triad is associated with reliability?

Integrity

3

____________ ensures data has not been tampered with and is correct, authentic, and reliable.

Integrity

4

A malicious actor has breached the firewall with a reverse shell. Which side of the CIA triad is most affected?

Confidentiality

5

A reverse shell enables an attacker to gain remote access to and control of a machine by bypassing firewall safeguards.

Confidentiality

6

A user changes a number in a dataset with a typo. Which side of the CIA triad is most affected?

Integrity

7

What is an example of identification?

Username

8

What are three forms of authentication? Choose three answers.

Four-digit pin number; Text of 6-digit number to phone; Fingerprint

9

What is an example of identification?

Email Address

10

_________________ is claiming an identity with a unique identifier, such as an email address.

Identification

11

What is an example of authentication?

Mother's maiden name

12

"Something You Know"

Authentication

13

What is the final step in allowing access to resources?

Authorization

14

Which example demonstrates access control?

Locking and unlocking the doors of your house.

15

Which type of access control model is a CAPTCHA an example of?

Attribute-based

16

__________________ access control (ABAC) is, logically, based on attributes.

Attribute-based

17

What is a sandbox?

An isolated environment that protects a set of resources

18

A _________________ is an isolated environment that enables users to run programs or open files without affecting the application, system, or platform on which they run.

Sandbox

19

______________________ access control (MAC) is given based on the level of sensitivity of information.

Mandatory-based

20

___________________ access control (RBAC) is where permissions are based on someone's role.

Role-based

21

__________________ access control (DBAC) is where the owner of a file determines who can access it.

Discretionary-based

22

Which characteristic falls under accountability?

Identity

23

Which tool is used for vulnerability assessment?

Qualys

24

Which standards apply to any financial entity policies?

Gramm-Leach-Bliley

25

What company audits other companies for licensing requirements?

BSA

26

They are an organization that investigates copyright infringement claims.

BSA

27

Which term is synonymous with symmetric cryptography?

Secret key cryptography

28

Which term is synonymous with asymmetric cryptography? It uses private and public key pairs.

Public key cryptography

29

What are hash functions used for?

Determining whether the message has changed

30

Which method is used to protect data at rest?

Encryption

31

_________________ provides confidentiality.

Encryption

32

Which type of compliance is achieved by law?

Regulatory

33

________________ is mandated by Congress.

Regulatory

34

Which type of compliance is achieved by stakeholder agreement?

Industry

35

_______________ agrees to standards but does not make laws or regulations.

Industry

36

Which two types of compliance are laws? Choose two answers.

Privacy Act; HIPAA

37

What act deals with the online privacy of minors under 13?

COPPA

38

Which term refers to the process of gathering and analyzing information to support business decisions?

Competitive Intelligence

39

What is the correct order of steps in the Operations Security Process?

Identification of critical information; Analysis of threats; Analysis of vulnerabilities; Assessment of risks; Application of countermeasures.

40

What is one law of operational security?

If you don't know the threat, how do you protect it?

41

The first law of operations security states...

"If you don't know the threat, how do you know what to protect?"

42

What describes vulnerability analysis?

The identification of weaknesses that can be used to cause harm.

43

What is the weakest link in a security program?

People

44

Which type of attack is conducted on people to gather information?

Social Engineering

45

_____________________ is a technique that uses deception to manipulate people into divulging confidential or personal information that may be used for fraudulent purposes.

Social Engineering

46

___________________ is a malicious practice of manipulating a website user's activity by concealing hyperlinks beneath legitimate clickable content. This attack is not conducted directly against people.

Clickjacking

47

____________________ is an attack that uses malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server.

Cross site request forgery (CSRF)

48

__________________ is an attack carried out by placing code in the form of a scripting language into a website or other type of media. This attack is not conducted directly against people.

Cross site scripting (XSS)

49

Which type of data is collected by law enforcement agents without using technology as its primary tool?

Human intelligence

50

_____________________ is data gathered by means of interpersonal contact as opposed to more technical intelligence gathering processes.

Human Intelligence (HUMINT)

51

Which social engineering technique uses electronic communications to carry out an attack that is broad in nature?

Phishing

52

_________________ is an attack against a company, organization, or person carried out by an electronic means, such as email or text messages, to carry out an attack that is broad in nature.

Phishing

53

___________________ is where the attacker assumes a guise or fake identity to create a believable scenario that elicits the victim to provide information or perform an action.

Pretexting

54

_____________________ is a type of social engineering attack where a scammer uses a false promise to pique a victim's greed or curiosity to lure a victim into a trap that may steal sensitive information or infect the system with malware.

Baiting

55

___________________ is not electronic and takes advantage of a victim's misguided courtesy of leaving the door open.

Tailgating

56

What is a major category of physical threats?

Gases

57

Which type of asset control reports undesirable events?

Detective

58

What are two advantages of flash media over traditional magnetic media?

Speed; Cost

59

What are two considerations when choosing a location for a data center?

Natural disaster; Stable utilities

60

What is a protocol for securing communications?

SSH

61

What is the purpose of Wireshark?

Packet sniffing

62

What are two advantages of using VPNs (Virtual Private Networks)?

Accessing data on a secure network from a remote site; Sending sensitive traffic over unsecured networks

63

What are two main methods of an IDS? Choose 2 answers.

Signature-based; Anomaly-based

64

Which type of intrusion detection system (IDS) is used to analyze activities on the network interface of a particular asset?

Host-based

65

Which security mechanism hardens operating systems (OS) by limiting user access to the minimum permissions needed to carry out tasks?

Apply the principle of least privilege

66

Which tool is used for port scanning and to discover devices on a network?

Nmap

67

__________ is used for port scanning, discovering devices, and searching for hosts on a network. It is an important tool to help identify and remove unessential services when hardening an operating system.

Nmap

68

What is reduced by hardening an operating system?

The attack surface

69

Hardening the operating system is a way to mitigate various threats and vulnerabilities, thus, reducing ____________________________.

The attack surface

70

What is used to prevent buffer overflow?

Bounds checking

71

__________________ sets a limit on the amount of data an application takes in.

Bounds checking

72

_____________________ is a type of attack where more data is entered into an application from a particular input than expected.

Buffer overflow

73

_____________________ occurs when input is checked for accuracy and validity.

Input validation

74

Which type of vulnerability is present when multiple threads within a process control access to a particular resource?

Race condition

75

___________________ is a security risk in places where data might be exposed, such as free wireless internet networks.

Wireless exposure

76

A ________________________ occurs when multiple threads within a process control access to a particular resource and the correct handling depends on timing or transactions.

Race condition

77

__________________ is an attack that uses SQL code for backend database manipulation to access information.

SQL injection

78

__________________ is an attack that routes DNS requests to the attacker's server, providing attackers a covert command and control channel, and data exfiltration path.

DNS tunneling

79

Which type of attack occurs when certain print functions within a programming language are used to manipulate and view the internal memory of an application?

Format string

80

_________________________ is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website.

Cross-site scripting

81

A ____________ attack is a type of authentication attack that occurs when a program is implemented to automate the process of guessing valid usernames and password combinations.

Brute force

82

_____________________ attacks occur when homegrown algorithms are used as cryptographic controls or when application keys are not changed, as these practices result in exposing our systems to attackers.

Cryptographic

83

Which type of attack is an example of an input validation attack?

Format string

84

An organization is seeking to implement a solution that unifies control of all devices from a central location. Which solution should the organization implement?

Mobile device management (MDM)

85

An _____________________ refers to any system that controls an industrial process and is commonly embedded in devices.

Industrial control system

86

A __________________________ solution refers to a set of tools and features that allow an organization to centrally manage its devices under a single system. P 155

Mobile device management (MDM)

87

_____________________ refers to a computer contained inside another device that typically performs a single function.

Embedded security

88

A __________________ is an underlying system that runs on its own processor and generally handles the device's hardware. P 156

Baseband OS

89

What should a company do to prevent jailbreaking on a mobile device?

Attach an external management solution

90

_____________________________________________ to a mobile device can stop jailbreaking, as it installs its own apps to provide additional security layers on the device.

Attaching an external management solution

91

While ________________________ can make it easier for an organization to centrally manage devices, it will not prevent jailbreaking.

Disabling personal email

92

While _________________________ apps on a mobile device can make it easier for an organization to centrally manage devices, it will not prevent jailbreaking.

Disabling file sharing

93

While ____________________ frequent updates will provide protection on a mobile device, hackers can still find a way to jailbreak the device.

Installing updates

94

Which assessment tool scans for vulnerabilities on a host?

Nessus

95

What describes an authorized attempt to gain unauthorized access to a computer system or network?

Ethical hacking

96

The practice of covertly discovering and collecting information about a system.

Reconnaissance

97

________________ is part of the process for pen testing that deals with what will be tested.

Scoping

98

A __________________________ is a systematic review of security weaknesses in an information system.

Vulnerability assessment

99

A _______________ pen test is a type of pen test that tests a system using a combination of black and white testing.

Gray box

100

A ________________ pen test is a type of pen test that tests a system with no prior knowledge of its internal workings.

Black box
