✔✔An organization is creating a security policy that will be able to audit the use of
administrative credentials. The company has decided to use multifactor authentication
to allow for the accountability of administrative actions.
Which multifactor authentication policy should be applied?
A Force administrators to have two accounts, one for normal tasks and one for elevated
privileges
B Assign administrators individual accounts that require a password and a physical
smart card
C Have all administrators use a different administrative account on each server in the
network
D Change the default password on all service accounts and on all administrator
accounts - ✔✔B
✔✔An organization is deploying a number of internet-enabled warehouse cameras to
assist with loss prevention. A plan is put in place to implement automated patching.
Which defense-in-depth measure will ensure that the patch images are as expected?
A All remotely installed software must be signed.
B Communications must use HTTPS.
C Device authentication must use digital certificates.
D All passwords must be salted and hashed. - ✔✔A
✔✔A company has user credentials compromised through a phishing attack.
Which defense-in-depth practice will reduce the likelihood of misuse of the user's
credentials?
A Configure firewall rules
B Deploy multifactor authentication
C Deploy RADIUS authentication
D Configure encryption protocols - ✔✔B
✔✔A company is implementing a defense-in-depth approach that includes capturing
audit logs. The audit logs need to be written in a manner that provides integrity.
Which defense-in-depth strategy should be applied?
A Write the data to a write-once, read-many (WORM) drive
B Write the data to an encrypted hard drive
C Write the data to an encrypted flash drive
D Write the data to an SD card and store the SD card in a safe - ✔✔A
✔✔A company wants to monitor the inbound and outbound flow of packets and not the
content.
Which defense-in-depth strategy should be implemented?
A The organization should use egress filtering on the network.
B Traffic and trend analyses should be installed on the router.
C The administrator should configure network data loss prevention.
D RADIUS authentication should be used on the bastion host. - ✔✔B
✔✔A security analyst observes that an unauthorized user has logged in to the network
and tried to access an application with failed password attempts.
Which defense-in-depth tactic should the security analyst use to see other activities this
user has attempted?
A Brute-force attack the application to see if a user can get in
B Check application logs for events and errors caused by the user
C Use a packet sniffer to analyze the network traffic
D Use SIEM to collect logs and look at the aggregate data - ✔✔D
✔✔A company is concerned about unneeded network protocols being available on the
network.
Which two defense-in-depth practices should the company implement to detect whether
FTP is being used? Choose 2 answers.
A Install BIOS firmware updates
B Perform automated packet scanning
C Implement application firewalls
D Physically segment the network - ✔✔BC
✔✔A penetration tester identifies a SQL injection vulnerability in a business-critical web
application. The security administrator discusses this finding with the application
developer, and the developer insists that the issue would take two months to remediate.
Which defense-in-depth practice should the security administrator use to prevent an
attacker from exploiting this weakness before the developer can implement a fix?
A Perform daily vulnerability scans
B Implement a web-application firewall
C Submit an urgent change control ticket
D Deploy an antimalware agent to the web server - ✔✔B
✔✔A technician notifies her supervisor that the nightly backup of a critical system failed
during the previous night's run. Because the system is critical to the organization, the
technician raised the issue in order to make management aware of the missing backup.
The technician is looking for guidance on whether additional actions should be taken on
the single backup failure.
Which role is responsible for making the final decision on how to handle the incomplete
backup?
A Senior management
B Data owner
C Supervisor
D Application administrator - ✔✔B
✔✔A company relies exclusively on a system for critical functions. An audit is
performed, and the report notes that there is no log review performed on the system.
Management has been tasked with selecting the appropriate person to perform the log
reviews in order to correct the deficiency.
Which role is responsible for reviewing and auditing logs in order to detect any
malicious behavior?
A Security administrator
B System user
C Database administrator
D Senior management - ✔✔A
✔✔A company's main asset is a physical working prototype stored in the research and
development department. The prototype is not currently connected to the company's
network.
Which privileged user activity should be monitored?
A Accessing camera logs
B Adding accounts to the administrator group
C Running scripts in PowerShell
D Disabling host firewall - ✔✔A
✔✔A company's main asset is its client list stored in the company database, which is
accessible to only specific users. The client list contains Health Insurance Portability
and Accountability Act (HIPAA) protected data.
Which user activity should be monitored?
A Privilege escalation
B Changing system time
C Using database recovery tools
D Configuring interfaces - ✔✔A
✔✔An employee is transferring data onto removable media. The company wants to
reduce the likelihood of fraud, and transferring data onto removable media is limited to
special cases.
Which security principle should the company execute as a policy to reduce fraud?
A Two-person control
B Least privilege
C Need to know
D Job rotation - ✔✔A
✔✔A company performs a data audit on its critical information every six months.
Company policy states that the audit cannot be conducted by the same employee within
a two-year timeframe.
Which principle is this company following?
A Job rotation
B Two-person control
C Least privilege
D Need to know - ✔✔A
✔✔An executive is using a personal cell phone to view sensitive data.
Which control would protect the sensitive data stored on the phone from being exposed
due to loss or theft?
A Encryption
B Antimalware
C Antivirus
D Backups - ✔✔A
✔✔A company has identified a massive security breach in its healthcare records
department. Over 50% of customers' personally identifiable information (PII) has been
stolen. The customers are aware of the breach, and the company is taking actions to
protect customer assets through the personal security policy, which addresses PII data.
Which preventive measure should the company pursue to protect against future
attacks?