Study Guide – Complete Questions with
Correct Detailed Answers | Latest Updated
Version
Administrative controls
security measures implemented to monitor the adherence to organizational policies and
procedures. Those include activities such as hiring and termination policies, employee training
along with creating business continuity and incident response plans.
Physical controls
restrict, detect and monitor access to specific physical areas or assets. Methods include barriers,
tokens, biometrics or other controls such as ensuring the server room doors are properly
locked, along with using surveillance cameras and access cards.
Technical or logical controls
automate protection to prevent unauthorized access or misuse, and include Access Control Lists
(ACLs), Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) signatures, and
antimalware protection, implemented as a system hardware, software, or firmware
solution.
What is the primary goal of PenTesting?
Reduce overall risk by taking proactive steps to reduce vulnerabilities.
Principle of Least Privilege
Basic principle of security stating that something should be allocated the minimum necessary
rights, privileges, or information to perform its role.
Risk
Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
Threat
represents something, such as malware or a natural disaster, that can accidentally or
intentionally exploit a vulnerability and cause undesirable results.
Vulnerability
is a weakness or flaw, such as a software bug, system flaw, or human error. A vulnerability can
be exploited by a threat.
Risk Analysis
is a security process used to assess risk damages that can affect an organization.
Unified Threat Management (UTM)
All-in-one security appliances and agents that combine the functions of a firewall, malware
scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so
on.
Main steps of the structured PenTesting Process:
Planning and scoping, Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering
Tracks, Analysis, Reporting
Unauthorized Hacker
A hacker operating with malicious intent.
Payment Card Industry Data Security Standard (PCI DSS)
Information security standard for organizations that process credit or bank card payments.
An organization must do the following in order to protect cardholder data:
Maintain secure infrastructure using dedicated appliances and software to monitor and prevent
attacks. Implement best practices like changing default passwords, educating users on email
safety, and continuously monitoring for vulnerabilities with updated anti-malware protection.
Enforce strict access controls through the principle of least privilege and regularly test and
monitor networks.
PCI DSS Level 1
Large merchant with over six million transactions a year; requires an external audit by a Qualified
Security Assessor (QSA) and must complete a RoC.
PCI DSS Level 2
merchant with one to six million transactions a year, must complete a RoC.
PCI DSS Level 3
merchant with 20000 to one million transactions a year
PCI DSS Level 4
small merchant with under 20000 transactions a year
General Data Protection Regulation (GDPR)
Provisions and requirements protecting the personal data of European Union (EU) citizens.
Transfers of personal data outside the EU Single Market are restricted unless protected by
like-for-like regulations, such as the US's Privacy Shield requirements.
GDPR Components:
Require consent, Rescind Consent, Global reach, Restrict data collection, Violation reporting
Stop Hacks and Improve Electronic Data Security (SHIELD)
is a law that was enacted in New York state in March 2020 to protect citizens' data. The law
requires companies to bolster their cybersecurity defense methods to prevent a data breach
and protect consumer data.
California Consumer Privacy Act (CCPA)
was enacted in 2020 and outlines specific guidelines on how to appropriately handle consumer
data. To ensure that customer data is adequately protected, vendors should include PenTesting
of all web applications and internal systems, along with social engineering assessments.
Health Insurance Portability and Accountability Act (HIPAA)
is a law that mandates rigorous requirements for anyone that deals with patient information.
Computerized electronic patient records are referred to as electronic protected health
information (e-PHI). With HIPAA, the e-PHI of any patient must be protected from exposure, or
the organization can face a hefty fine.
Open Web Application Security Project (OWASP)
A charity and community publishing a number of secure application development resources.
NIST
Develops computer security standards used by US federal agencies and publishes cybersecurity
best practice guides and research.