Systems and Application Security – practice test Questions
and Answers; verified and accurate 2025/2026
Keylogger - correct answer A type of Trojan used to capture data keylogged on a
system.
Know Your Customer (KYC) - correct answer Formalized process for identity proofing,
enacted into national and international laws affecting most countries; it also requires
ascertaining and proving the legitimacy of the source of ownership and control of funds,
assets or property to detect and prevent financial crimes such as fraud and money
laundering. KYC has since been applied to many forms of cyber business and is
becoming a part of stronger digital identity systems.
Logic Bomb - correct answer A type of Trojan that typically executes a destructive
routine when certain conditions are met, such as date and time.
Memory-Based Rootkits - correct answer Malware that has no persistent code and,
therefore, does not survive a reboot.
Payload - correct answer The primary action of a malicious code attack.
Private Cloud - correct answer The cloud infrastructure provisioned for exclusive use
by a single organization comprising multiple consumers (e.g., business units). It may be
owned, managed and operated by the organization, a third party or some combination
of them, and it may exist on or off premises. Source: NIST SP 800-145
Ransomware - correct answer Malware used for the purpose of facilitating a ransom
attack.
Rootkit - correct answer Codes that mask intrusion as well as being used in the
compromise of a system.
Sandbox - correct answer A secluded environment on a computer, where you can run
untested code or malware to study the results without having any ill effects on the rest
of your software.
Service-Level Agreement - correct answer An SLA is a contract that exists between
customers and their service provider or between service providers. It records the
common understanding about services, priorities, responsibilities, guarantees,
warranties, etc. to be provided—collectively, the level of service. The SLA may specify
the levels of availability, serviceability, performance, operation or other attributes of the
service, such as billing. In some contracts, penalties may be agreed upon in the case of
non-compliance.
Trapdoor - correct answer See "Backdoor"
Virus - correct answer A software program written with the intent and capability to copy
and disperse itself without the knowledge and cooperation of the owner or user of the
particular system. Researchers of malicious software disagree on a perfect definition of
a virus; however, a common definition may be a program that modifies other programs
to contain a possibly altered version of itself.
Whaling Attack - correct answer Phishing attacks that attempt to trick highly placed
officials or private individuals with sizable assets into authorizing large fund wire
transfers to previously unknown entities.
Worm - correct answer A software program written with the intent and capability to
copy and disperse itself without the knowledge and cooperation of the owner or user of
the particular system, but without needing to modify other programs to contain copies of
itself.
Anything as a Service (XaaS) - correct answer An imprecise, generic term which refers
to the growth in services, tools, technologies and capabilities being offered via the
internet to businesses and consumers. XaaS capabilities may or may not be
cloud-hosted. Unlike SaaS, PaaS and IaaS, XaaS does not represent or imply any consistent
architectural ideas, approaches, concepts or designs.