SOLUTIONS RATED A+
✔✔When should formal change management be used to manage updates to a disaster
recovery plan?
A When the IT infrastructure changes, all related disaster-recovery documentation
should be changed to match the environment.
B When personnel changes, all related disaster-recovery documentation should be
changed to match the staffing.
C When regulations change, all related disaster-recovery documentation should be
changed to match the regulations.
D When management changes, all related disaster-recovery documentation should be
changed to match the structure. - ✔✔A
✔✔A company presents team members with a disaster recovery scenario, asks
members to develop an appropriate response, and then tests some of the technical
responses without shutting down operations at the primary site.
Which type of disaster recovery test is being performed?
A Read-through
B Structured walk-through
C Simulation
D Full-interruption - ✔✔C
✔✔Which defense-in-depth practices allow an organization to locate an intruder on its
internal network?
A Whitelisting applications and blacklisting processes
B Antivirus and intrusion prevention system (IPS)
C Security information and event management (SIEM) and intrusion detection system
(IDS)
D Sandboxing applications and penetration testing - ✔✔C
✔✔A company is concerned that disgruntled employees are sending sensitive data to
its competitors.
Which defense-in-depth practices assist a company in identifying an insider threat?
A Data loss prevention (DLP) and audit logs
B Antivirus and intrusion detection systems (IDS)
C Data loss prevention (DLP) and intrusion detection systems (IDS)
D Antivirus and audit logs - ✔✔A
✔✔A company is hit with a number of ransomware attacks. These attacks are causing a
significant amount of downtime and data loss since users with access to sensitive
company documents are being targeted. These attacks have prompted management to
invest in new technical controls to prevent ransomware.
Which defense-in-depth practices should this company implement?
A Password resets and a log review
B Mandatory vacations and job rotation
C Spam filtering and antimalware
D Encryption and an internal firewall - ✔✔C
✔✔A company's database administrator requires access to a database server to
perform maintenance. The director of information technology will provide the database
administrator access to the database server but will not provide the database
administrator access to all the data within the server's database.
Which defense-in-depth practice enhances the company's need-to-know data access
strategy?
A Using compartmented mode systems and least privilege
B Using compartmented mode systems and two-person control
C Using dedicated mode systems and least privilege
D Using dedicated mode systems and two-person control - ✔✔A
✔✔A company has signed a contract with a third-party vendor to use the vendor's
inventory management system hosted in a cloud. For convenience, the vendor set up
the application to use Lightweight Directory Access Protocol (LDAP) queries but did not
enable secure LDAP queries or implement a secure sockets layer (SSL) on the
application's web server. The vendor does not have the ability to secure the system,
and company management insists on using the application.
Which defense-in-depth practices should the company implement to minimize the
likelihood of an account compromise due to insecure setup by the vendor?
A Location-based access control and multifactor authentication
B Intrusion prevention system (IPS) and honeypot systems
C Antivirus and intrusion detection system (IDS)
D Password hashing and authentication encryption - ✔✔A
✔✔A company is terminating several employees with high levels of access. The
company wants to protect itself from possible disgruntled employees who could become
potential insider threats.
Which defense-in-depth practices should be applied?
A Account revocation and conducting a vulnerability assessment
B Account revocation and conducting a full backup of critical data
C A mandatory 90-day password change and conducting a full backup of critical data
D A mandatory 90-day password change and conducting a vulnerability assessment - ✔✔A
✔✔A hacker is sitting between a corporate user and the email server that the user is
currently accessing. The hacker is trying to intercept and capture any data the user is
sending through the email application.
How should a system administrator protect the company's email server from this attack?
A Encrypt network traffic with VPNs
B Add antimalware to the email server
C Implement a firewall
D Whitelist the sites that are trusted - ✔✔A
✔✔A company wants to prevent cybercriminals from gaining easy access into its email
server. The company wants to know which user is accessing which resources and to
prevent hackers from easily gaining access to the server.
Which defense-in-depth strategy should be used?
A Authenticate users and devices and log events within the network
B Deploy VLANs for traffic separation and coarse-grained security
C Place encryption throughout the network to ensure privacy
D Use stateful firewall technology at the port level and log firewall activity - ✔✔A
✔✔A chief information officer (CIO) recently read an article involving a similar company
that was hit with ransomware due to ineffective patch-management practices. The CIO
tasks a security professional with gathering metrics on the effectiveness of the
company's patch-management program to avoid a similar incident.
Which method enables the security professional to gather current, accurate metrics?
A Review authenticated vulnerability scan reports
B Review reports from Windows Update
C Review patch history on nonproduction systems
D Review patch tickets in the change control system - ✔✔A
✔✔A company hires several contractors each year to augment its IT workforce. The
contractors are granted access to the internal corporate network, but they are not
provided laptops containing the corporate image. Instead, they are required to bring
their own equipment.
Which defense-in-depth practice should be required for contractor laptops to ensure that
contractors do not connect infected laptops to the internal corporate network?
A Enable command-line audit logging on contractor laptops
B Configure devices to not autorun content
C Configure antimalware scanning of removable devices
D Ensure antimalware software and signatures are updated - ✔✔D
✔✔It is suspected that someone is connecting to an organization's wireless access
points (WAPs) and capturing data.
Which boundary-defense method should be applied to reduce eavesdropping attacks?
A Enable 802.1X to require network authentication
B Disconnect unused LAN drops within the building
C Install a network monitor on the WAP
D Add a whitelist for all traffic coming from the ISP - ✔✔A
✔✔A government agency is at risk of attack from malicious nation-state actors.
Which defense should the agency put on the boundary of its network to stop attacks?
A Deploy a honeypot
B Employ an intrusion detection system
C Use an internal security information and event manager
D Employ an intrusion prevention system - ✔✔D
✔✔A company needs to improve its ability to detect and investigate rogue WAPs.
Which defense-in-depth practice should be used?
A Configure a captive portal to request information
B Configure MAC address filtering to control access
C Install a wireless IDS to monitor irregular behavior
D Install a stateful firewall to block network connections - ✔✔C
✔✔A company is concerned about securing its corporate network, including its wireless
network, to limit security risks.