SECURITY EXAM OBJECTIVE ASSESSMENT
NEWEST 2024 TEST BANK ACTUAL EXAM 300
QUESTIONS AND CORRECT DETAILED
ANSWERS (VERIFIED ANSWERS) |ALREADY
GRADED A+
A company wants to update its access control
policy. The company wants to prevent hourly
employees from logging in to company
computers after business hours.
Which type of access control policy should be
implemented?
A Mandatory
B Physical
C Discretionary
D Attribute-based - ...ANSWER...D
A new software development company has
determined that one of its proprietary
algorithms is at a high risk for unauthorized
disclosure. The company's security up to this
point has been fairly lax.
Which procedure should the company implement
to protect this asset?
A Transfer the algorithm onto servers in the
demilitarized zone.
B Store the algorithm on highly available
servers.
C Relocate the algorithm to encrypted storage.
D Create multiple off-site backups of the
algorithm. -
...ANSWER...C
An accounting firm stores financial data for
many customers. The company policy requires
that employees only access data for customers
they are assigned to. The company implements
a written policy indicating an employee can be
fired for violating this requirement.
Which type of control has the company
implemented?
A Deterrent
B Active
C Preventive
D Detective - ...ANSWER...A
How can an operating system be
hardened in accordance with the principle
of least privilege?
A Implement account auditing.
B Remove unneeded services.
C Restrict account permissions.
D Remove unnecessary software. -
...ANSWER...C
A company implements an Internet-facing web
server for its sales force to review product
information. The sales force can also update its
profiles and profile photos, but not the product
information. There is no other information on
this server.
Which content access permissions should be
granted to the sales force based on the principle
of least privilege?
A Read and limited write access
B Read and write access
C Limited write access only
D Limited read access only - ...ANSWER...A
A corporation has discovered that some
confidential personnel information has been
used inappropriately.
How can the principle of least privilege be
applied to limit access to confidential personnel
records?
A Only allow access to those with elevated
security permissions.
B Only allow access to department heads and
executives.
C Only allow access to those who need access
to perform their job.
D Only allow access to those who work in the
human resources department. - ...ANSWER...C
A user runs an application that has been
infected with malware that is less than 24 hours
old. The malware then infects the operating
system.
Which safeguard should be implemented to
prevent this type of attack?
A Install the latest security
updates.
B Uninstall unnecessary
C Modify the default user accounts.
D Limit user account privileges. - ...ANSWER...D
A company was the victim of a security breach
resulting in stolen user credentials. An attacker
used a stolen username and password to log in
to an employee email account.
Which security practice could have reduced the
post-breach impact of this event?
A Multi-factor authentication
B Operating system hardening
C Network segmentation
D Mutual authentication - ...ANSWER...A
A module in a security awareness course shows
a user making use of two-factor authentication
using a hardware token.
Which security failure is being addressed by
this training module?
A Tailgating
B Pretexting
C Malware infections
D Weak passwords - ...ANSWER...D
Which tool should an application developer use
to help identify input validation vulnerabilities?
A scanner