WGU D489 TASK 1 | CYBERSECURITY MANAGEMENT | EXAM QUESTIONS AND CORRECT ANSWERS WITH RATIONALES A+ GRADE ASSURED!!!!!!NEW LATEST UPDATE!!!!!!

WGU D489 TASK 1 | CYBERSECURITY MAN b r br b r br br br




AGEMENT | EXAM QUESTIONS AND CORR br br br b r br




ECT ANSWERS WITH RATIONALES GRAD br b r b r br




ED A+ LATEST br br




1.

A company is implementing a new security policy that requires multi-
br br br b r br br br br br b r




factor authentication (MFA) for all remote access.Which of the following best descri
br br br br br br br br br br b r br




bes the primary benefit of MFA?
br br b r b r br




A. It eliminates the need for passwords.
br b r br br br




B. It reduces the risk of credential theft and unauthorized access.
br br br br br br br br br




C. It simplifies user access management.
br br br br




D. It removes the need for logging and auditing.
br br br br br br br




Answer: B br




Rationale:MFA requires multiple authentication factors,making it much harder for
br br br br br br br br br br br




attackers to compromise accounts even if passwords are stolen.
br br br br br br br br




2.

A security manager is reviewing access controlpolicies and wants to ensure that user
br br br br b r br br br br br br br br




s only have access to what they need to perform their jobs.Which principle is being ap
br br br br br br br br br br br br br br br br




plied?
A. Least Privilege br




B. Separation of Duties br br




C. Need to Know br br




D. Role-Based Access Control br br




Answer: A br




Rationale:Least privilege limits user access to only what is necessary for their role, r
br br br b r br br br br br br br br br br




educing risk. br

,3.

A company’s SOC has detected unusual outbound traffic from a workstation to an unk
br br br br br br br b r br br br br br




nown IP address. The security analyst suspects malware. What should be the FIRST
br br br br br b r br b r br br br br br




action?
A. Notify the CEO. br br




B. Disconnect the workstation fromthe network. br br br br br




C. Rebootthe workstation. br br




D. Update antivirus definitions. br b r




Answer: B br




Rationale:Disconnecting the systemprevents further data exfiltration and limits spre
br br br br br br br b r br br




ad while preserving evidence.
br b r br




4.

During a risk assessment, an analyst identifies that the company has a single point of f
br br br br br br b r br br br br br b r br br




ailure in its data center power supply. This is an example of what type of risk?
b r br br br br br br br br br br br br br br




A. Strategic Risk br




B. Operational Risk br




C. Compliance Risk br




D. Financial Risk br




Answer: B br




Rationale:Operational risk includes disruptions in systems or processes that affect busin
br br br b r br br br br br br br




ess continuity.
br




5.

A company is developing its incident responseplan. Which of the following is the mo
br br br br br br br br br br br b r br br




st important reason for including a communication plan?
br br br br b r br b r




A. To ensure the IT team can work without interruptions.
br br br br br br br br




B. To ensure stakeholders are informed and legal requirements are met.
br br br br br br br br br




C. To reduce the costof incident response.
br br br br br b r




D. To eliminate the need for documentation.
br br br br br

,Answer: B br




Rationale:Communication plans ensure proper notification of stakeholders, regulat
br br br br br br br br




ory compliance, and coordinated response.
br br br br




6.

Which of the following BEST defines “risk appetite”?
br br br br br br br




A. The amount of risk a company is willing to acceptto achieve objectives
br br br br br br br b r br br br br




B. The total number of risks identified in an assessment
br br br br br b r br br




C. The costof mitigating all identified risks
br br br b r br b r




D. The probability of a threat occurring
br br br br br




Answer: A br




Rationale:Risk appetite is the level of risk an organization is willing to accept.
br br br br br br br br br br br b r br




7.

A company wants to protectsensitive data at rest. Which of the following controls is
br br br br br br br br br br br br b r br br




MOST appropriate?
br




A. Data encryption br




B. Intrusion detection system br br




C. Network segmentation br




D. Vulnerability scanning b r




Answer: A br




Rationale:Encryption protects data at rest by making it unreadable without the corre
br br br br br br br b r br br br br




ct keys.
br

, 8.

A security team uses a vulnerability scanner to identify weaknesses in their web appl
br br br br br b r br br br br br br br




ications. The scanner finds a SQLinjection vulnerability. Which phase of the SDLC i
br br br br br br br b r br br br br br




s MOST important to address this vulnerability?
b r br br br br br




A. Requirements
B. Design
C. Development
D. Maintenance
Answer: C br




Rationale:SQLinjection vulnerabilities are typically introduced during developmen
br br br b r br br br br




t and should be addressed through secure coding practices.
br br br br br br br br




9.

A healthcare organization must comply with HIPAA. What is the primary focus of HI
br br b r br br br br br br br br br br




PAA?
A. Protecting financial transactions br br




B. Protecting patient health information br br br




C. Protecting government data br br




D. Protecting intellectual property br br




Answer: B br




Rationale:HIPAA protects the confidentiality, integrity, and availability of protecte
br br br br br br br b r br




d health information (PHI).
br br b r