MANAGEMENT | EXAM QUESTIONS &
CORRECT ANSWERS
1.
A company is implementing a new security policy that requires multi-factor
authentication (MFA) for all remote access. Which of the following best describes
the primary benefit of MFA?
A. It eliminates the need for passwords.
B. It reduces the risk of credential theft and unauthorized access.
C. It simplifies user access management.
D. It removes the need for logging and auditing.
Answer: B
Rationale: MFA requires factors from more than one category (something you know,
something you have, something you are), so a stolen or phished password alone is no
longer enough to take over the account.
2.
A security manager is reviewing access control policies and wants to ensure that
users only have access to what they need to perform their jobs. Which principle is
being applied?
A. Least Privilege
B. Separation of Duties
C. Need to Know
D. Role-Based Access Control
Answer: A
Rationale: Least privilege grants each user only the permissions required to perform
their job, which limits the damage a compromised or misused account can do.
3.
A company’s SOC has detected unusual outbound traffic from a workstation to an
unknown IP address. The security analyst suspects malware. What should be the
FIRST action?
A. Notify the CEO.
B. Disconnect the workstation from the network.
C. Reboot the workstation.
D. Update antivirus definitions.
Answer: B
Rationale: Isolating the workstation from the network contains the incident: it stops
further data exfiltration and command-and-control traffic and limits lateral spread.
Rebooting would destroy volatile evidence in memory, updating antivirus definitions
does nothing to contain an active infection, and executive notification follows
containment rather than preceding it.
4.
During a risk assessment, an analyst identifies that the company has a single point
of failure in its data center power supply. This is an example of what type of risk?
A. Strategic Risk
B. Operational Risk
C. Compliance Risk
D. Financial Risk
Answer: B
Rationale: Operational risk includes disruptions in systems or processes that affect
business continuity.
5.
A company is developing its incident response plan. Which of the following is the
most important reason for including a communication plan?
A. To ensure the IT team can work without interruptions.
B. To ensure stakeholders are informed and legal requirements are met.
C. To reduce the cost of incident response.
D. To eliminate the need for documentation.
Answer: B
Rationale: Communication plans ensure proper notification of stakeholders,
regulatory compliance, and coordinated response.
6.
Which of the following BEST defines “risk appetite”?
A. The amount of risk a company is willing to accept to achieve objectives
B. The total number of risks identified in an assessment
C. The cost of mitigating all identified risks
D. The probability of a threat occurring
Answer: A
Rationale: Risk appetite is the level of risk an organization is willing to accept.
7.
A company wants to protect sensitive data at rest. Which of the following controls
is MOST appropriate?
A. Data encryption
B. Intrusion detection system
C. Network segmentation
D. Vulnerability scanning
Answer: A
Rationale: Encryption protects data at rest by making it unreadable without the
correct keys.
8.
A security team uses a vulnerability scanner to identify weaknesses in their web
applications. The scanner finds a SQL injection vulnerability. Which phase of the
SDLC is MOST important to address this vulnerability?
A. Requirements
B. Design
C. Development
D. Maintenance
Answer: C
Rationale: SQL injection is a coding defect: it is introduced when user input is
concatenated into a query string during development, and it is fixed there through
secure coding practices such as parameterized queries and input validation.
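To make the development-phase fix concrete, the following Python is an added example, not part of the exam: the vulnerable query construction a scanner would flag sits beside its parameterized replacement, exercised with two classic payloads against a constructed in-memory SQLite table. The table contents and payload strings are constructed for the demo.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory database for the demo; not data from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """Vulnerable: attacker-controlled text is spliced into the SQL statement itself."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_fixed(conn: sqlite3.Connection, username: str) -> list[str]:
    """Fixed: parameter binding sends the value separately from the statement text,
    so the database never parses the input as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


# Constructed payloads of the kind a vulnerability scanner would send:
TAUTOLOGY_PAYLOAD = "' OR '1'='1"                  # turns the WHERE clause always-true
UNION_PAYLOAD = "' UNION SELECT role FROM users --"  # pulls data from another column


if __name__ == "__main__":
    conn = setup_db()
    print(find_user_vulnerable(conn, "alice"))             # normal lookup works
    print(find_user_vulnerable(conn, TAUTOLOGY_PAYLOAD))   # filter bypassed, every row returned
    print(find_user_vulnerable(conn, UNION_PAYLOAD))       # roles leaked via UNION
    print(find_user_fixed(conn, TAUTOLOGY_PAYLOAD))        # payload treated as a literal name
    print(find_user_fixed(conn, UNION_PAYLOAD))
```

The fixed version needs no escaping or blocklist of dangerous characters: the placeholder keeps the statement's structure constant regardless of input, which is why parameterized queries are the control to add in the development phase rather than a filter bolted on in maintenance.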
9.
A healthcare organization must comply with HIPAA. What is the primary focus of
HIPAA?
A. Protecting financial transactions
B. Protecting patient health information
C. Protecting government data
D. Protecting intellectual property
Answer: B
Rationale: HIPAA protects the confidentiality, integrity, and availability of
protected health information (PHI).