Cybersecurity - Exam Prep
A system that collects transactional information and stores it in a record in order to show
which users performed which actions is an example of providing ________. (D1, L1.1.1)
A) Non-repudiation
B) Multifactor authentication
C) Biometrics
D) Privacy - answerA) Non-repudiation
In risk management concepts, a(n) ___________ is something or someone that poses
risk to an organization or asset. (D1, L1.2.1)
A) Fear
B) Threat
C) Control
D) Asset - answerB) Threat
A software firewall is an application that runs on a device and prevents specific types of
traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)
A) Physical
B) Administrative
C) Passive
D) Technical - answerD) Technical
Tina is an (ISC)² member and is invited to join an online group of IT security
enthusiasts. After attending a few online sessions, Tina learns that some participants in
the group are sharing malware with each other, in order to use it against other
organizations online. What should Tina do? (D1, L1.5.1)
A) Nothing
B) Stop participating in the group
C) Report the group to law enforcement
D) Report the group to (ISC)² - answerB) Stop participating in the group
The city of Grampon wants to ensure that all of its citizens are protected from malware,
so the city council creates a rule that anyone caught creating and launching malware
within the city limits will receive a fine and go to jail. What kind of rule is this? (D1,
L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law - answerD) Law
The Payment Card Industry (PCI) Council is a committee made up of representatives
from major credit card providers (Visa, Mastercard, American Express) in the United
States. The PCI Council issues rules that merchants must follow if the merchants
choose to accept payment via credit card. These rules describe best practices for
securing credit card processing technology, activities for securing credit card
information, and how to protect customers' personal data. This set of rules is a _____.
(D1, L1.4.2)
A) Law
B) Policy
C) Standard
D) Procedure - answerC) Standard
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While
Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee
is violating the acceptable use policy and watching streaming videos during work hours.
What should Aphrodite do? (D1, L1.5.1)
A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing - answerC) Inform Triffid management
Triffid Corporation has a rule that all employees working with sensitive hardcopy
documents must put the documents into a safe at the end of the workday, where they
are locked up until the following workday. What kind of control is the process of putting
the documents into the safe? (D1, L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical - answerA) Administrative
Kerpak works in the security office of a medium-sized entertainment company. Kerpak
is asked to assess a particular threat, and he suggests that the best way to counter this
threat would be to purchase and implement a particular security solution. This is an
example of _______. (D1, L1.2.2)
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference - answerC) Mitigation
The Triffid Corporation publishes a policy that states all personnel will act in a manner
that protects health and human safety. The security office is tasked with writing a
detailed set of processes on how employees should wear protective gear such as
hardhats and gloves when in hazardous areas. This detailed set of processes is a
_________. (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law - answerB) Procedure
The senior leadership of Triffid Corporation decides that the best way to minimize
liability for the company is to demonstrate the company's commitment to adopting best
practices recognized throughout the industry. Triffid management issues a document
that explains that Triffid will follow the best practices published by SANS, an industry
body that addresses computer and information security.
The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
A) Law, policy
B) Policy, standard
C) Policy, law
D) Procedure, procedure - answerB) Policy, standard
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of
Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what
the test questions are like. What should Zarma do? (D1, L1.5.1)
A) Inform (ISC)²
B) Explain the style and format of the questions, but no detail
C) Inform the colleague's supervisor
D) Nothing - answerB) Explain the style and format of the questions, but no detail
Of the following, which would probably not be considered a threat? (D1, L1.2.1)
A) Natural disaster
B) Unintentional damage to the system caused by a user
C) A laptop with sensitive data on it
D) An external attacker trying to gain unauthorized access to the environment - answerC) A laptop with sensitive data on it
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst.
Yesterday, Siobhan got a parking ticket while shopping after work. What should
Siobhan do? (D1, L1.5.1)
A) Inform (ISC)²
B) Pay the parking ticket
C) Inform supervisors at Triffid
D) Resign employment from Triffid - answerB) Pay the parking ticket
Which of the following is an example of a "something you are" authentication factor?
(D1, L1.1.1)
A) A credit card presented to a cash machine
B) Your password and PIN
C) A user ID
D) A photograph of your face - answerD) A photograph of your face
For which of the following systems would the security concept of availability probably be
most important? (D1, L1.1.1)
A) Medical systems that store patient data
B) Retail records of past transactions
C) Online streaming of camera feeds that display historical works of art in museums
around the world
D) Medical systems that monitor patient condition in an intensive care unit - answerD) Medical systems that monitor patient condition in an intensive care unit
In risk management concepts, a(n) _________ is something a security practitioner
might need to protect. (D1, L1.2.1)
A) Vulnerability
B) Asset
C) Threat
D) Likelihood - answerB) Asset
Triffid Corporation has a policy that all employees must receive security awareness
instruction before using email; the company wants to make employees aware of
potential phishing attempts that the employees might receive via email. What kind of
control is this instruction? (D1, L1.3.1)
A) Administrative
B) Finite
C) Physical
D) Technical - answerA) Administrative
What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1)