WGU D483 SECURITY OPERATIONS TASK
GUIDE COMPREHENSIVE STUDY GUIDE
2026 FULL QUESTIONS AND SOLUTIONS
GRADED A+
◍ What are logs?.
Answer: Event records
◍ What is DNS filtering?.
Answer: Blocking malicious domains
◍ An organization recently had an attack that resulted in system data loss. The
system administrator must now restore the system with a data backup. What
functional security control was the system administrator able to implement?
A. Preventative
B. Responsive
C. Corrective
D. Compensating.
Answer: C.CorrectiveThe system administrator used a corrective control
after the attack. A good example of a corrective control is a backup system
that can restore data that an attacker damages during an
intrusion.Preventative controls act to eliminate or reduce the likelihood that
an attack can succeed. A preventative control operates before an attack can
take place.Responsive controls serve to direct corrective actions enacted
after the organization confirms the incident. They often document these
actions in a playbook.The compensating control is a substitute for a
principal control, as recommended by a security standard, and affords the
same (or better) level of protection but uses a different methodology or
technology.
,◍ What is a vulnerability scan?.
Answer: Identify weaknesses
◍ What is eradication in incident response?.
Answer: Remove threat
◍ What failed if a company loses track of devices?.
Answer: Asset management.
◍ Snort.
Answer: IDS, Firewalls, and Honeypots. An open source network intrusion
prevention and detection system utilizing a rule-driven language, which
combines the benefits of signature, protocol and anomaly based inspection
methods. The most widely deployed intrusion detection and prevention
technology worldwide and has become the de facto standard for the
industry.
◍ Nikto.
Answer: web server scanner that the security analyst can use to specifically
identify vulnerabilities in web servers. It can quickly scan MULTIPLE web
servers and provide comprehensive information on any detected
vulnerabilities.
◍ A security analyst is developing a python script to analyze regular text from
log files. The script will identify potential security incidents and generate
alerts for further investigation. Which of the following best describes the
security concept the analyst needs to implement in the python script to
detect obfuscated text? (Select the two best options.)
A. Code signature verification
B. Regular expression
C. String manipulation
D. Header inspection.
Answer: B.Regular expressionC.String manipulation
◍ An organization is recently experiencing a series of security incidents, and a
security analyst is investigating these incidents. The analyst needs to
, efficiently identify indicators of potentially malicious activity within the
affected applications. What should the analyst focus on to effectively
analyze and identify malicious activity within the application environment?
A. Review application logs for unusual patterns or anomalies
B. Conduct a full network vulnerability scan
C. Perform a comprehensive penetration test
D. Implement strict network access control policies.
Answer: A.Review application logs for unusual patterns or anomalies
◍ A security analyst examines suspicious activity on a Linux-based server
within the organization's network. The analyst uncovers a file containing an
obfuscated script that utilizes system-level commands. Which technique
should the analyst use to efficiently investigate potential malicious activities
related to this incident on the affected system?
A. Inspect the execution history of PowerShell scripts
B. Examine Python script execution history
C. Review JavaScript scripts output
D. Analyze shell script logs.
Answer: D.Analyze shell script logsAnalyzing shell script logs would be the
most effective way to investigate potential malicious activities related to this
incident on the affected Linux-based system. The obfuscated script seems to
be utilizing system-level commands, which is typical for shell
scripts.PowerShell is primarily on Windows-based systems, while the
affected server is Linux-based.
◍ What is asset assignment?.
Answer: Allocating assets to users
◍ An IT professional is responsible for implementing vulnerability scanning
methods for their organization's network. The organization has tasked the IT
professional with deciding whether to use an agent-based or agentless
vulnerability scanning method. What factors should the IT professional
consider when making this decision? (Select the two best options.)
A. The security clearance of the personnel conducting the scan
, B. The geographic location of the network being scanned
C. The size of the network being scanned
D. The presence of network firewalls.
Answer: C.The size of the network being scannedD.The presence of
network firewalls
◍ What does log correlation involve?.
Answer: Linking events
◍ ScoutSuite.
Answer: ScoutSuite is an audit tool that collects data such as security
misconfigurations. The tool also provides a report of discovered objects,
such as virtual machines and containers, which is the consultant's goal.
◍ OpenVAS (Open-source Scanner).
Answer: OpenVAS is an open-source scanner used to identify vulnerabilities
in systems. The consultant could use OpenVas to obtain Common
Vulnerability Scoring System (CVSS) scores but not for object
identification.
◍ What is metadata?.
Answer: Data about data
◍ splunk.
Answer: SIEM tool, the best data information gathering and analysis tool
that imports machine-generated data with an add-on
◍ A software development company has already included planning,
implementation, testing, and maintenance stages in its software development
lifecycle (SDLC). Which of the following stages did the company NOT
include? (Select the two best options.)
A. Testing
B. Design
C. Deployment
D. Post-implementation review.
Answer: B.DesignC.Deployment
GUIDE COMPREHENSIVE STUDY GUIDE
2026 FULL QUESTIONS AND SOLUTIONS
GRADED A+
◍ What are logs?.
Answer: Event records
◍ What is DNS filtering?.
Answer: Blocking malicious domains
◍ An organization recently had an attack that resulted in system data loss. The
system administrator must now restore the system with a data backup. What
functional security control was the system administrator able to implement?
A. Preventative
B. Responsive
C. Corrective
D. Compensating.
Answer: C.CorrectiveThe system administrator used a corrective control
after the attack. A good example of a corrective control is a backup system
that can restore data that an attacker damages during an
intrusion.Preventative controls act to eliminate or reduce the likelihood that
an attack can succeed. A preventative control operates before an attack can
take place.Responsive controls serve to direct corrective actions enacted
after the organization confirms the incident. They often document these
actions in a playbook.The compensating control is a substitute for a
principal control, as recommended by a security standard, and affords the
same (or better) level of protection but uses a different methodology or
technology.
,◍ What is a vulnerability scan?.
Answer: Identify weaknesses
◍ What is eradication in incident response?.
Answer: Remove threat
◍ What failed if a company loses track of devices?.
Answer: Asset management.
◍ Snort.
Answer: IDS, Firewalls, and Honeypots. An open source network intrusion
prevention and detection system utilizing a rule-driven language, which
combines the benefits of signature, protocol and anomaly based inspection
methods. The most widely deployed intrusion detection and prevention
technology worldwide and has become the de facto standard for the
industry.
◍ Nikto.
Answer: web server scanner that the security analyst can use to specifically
identify vulnerabilities in web servers. It can quickly scan MULTIPLE web
servers and provide comprehensive information on any detected
vulnerabilities.
◍ A security analyst is developing a python script to analyze regular text from
log files. The script will identify potential security incidents and generate
alerts for further investigation. Which of the following best describes the
security concept the analyst needs to implement in the python script to
detect obfuscated text? (Select the two best options.)
A. Code signature verification
B. Regular expression
C. String manipulation
D. Header inspection.
Answer: B.Regular expressionC.String manipulation
◍ An organization is recently experiencing a series of security incidents, and a
security analyst is investigating these incidents. The analyst needs to
, efficiently identify indicators of potentially malicious activity within the
affected applications. What should the analyst focus on to effectively
analyze and identify malicious activity within the application environment?
A. Review application logs for unusual patterns or anomalies
B. Conduct a full network vulnerability scan
C. Perform a comprehensive penetration test
D. Implement strict network access control policies.
Answer: A.Review application logs for unusual patterns or anomalies
◍ A security analyst examines suspicious activity on a Linux-based server
within the organization's network. The analyst uncovers a file containing an
obfuscated script that utilizes system-level commands. Which technique
should the analyst use to efficiently investigate potential malicious activities
related to this incident on the affected system?
A. Inspect the execution history of PowerShell scripts
B. Examine Python script execution history
C. Review JavaScript scripts output
D. Analyze shell script logs.
Answer: D.Analyze shell script logsAnalyzing shell script logs would be the
most effective way to investigate potential malicious activities related to this
incident on the affected Linux-based system. The obfuscated script seems to
be utilizing system-level commands, which is typical for shell
scripts.PowerShell is primarily on Windows-based systems, while the
affected server is Linux-based.
◍ What is asset assignment?.
Answer: Allocating assets to users
◍ An IT professional is responsible for implementing vulnerability scanning
methods for their organization's network. The organization has tasked the IT
professional with deciding whether to use an agent-based or agentless
vulnerability scanning method. What factors should the IT professional
consider when making this decision? (Select the two best options.)
A. The security clearance of the personnel conducting the scan
, B. The geographic location of the network being scanned
C. The size of the network being scanned
D. The presence of network firewalls.
Answer: C.The size of the network being scannedD.The presence of
network firewalls
◍ What does log correlation involve?.
Answer: Linking events
◍ ScoutSuite.
Answer: ScoutSuite is an audit tool that collects data such as security
misconfigurations. The tool also provides a report of discovered objects,
such as virtual machines and containers, which is the consultant's goal.
◍ OpenVAS (Open-source Scanner).
Answer: OpenVAS is an open-source scanner used to identify vulnerabilities
in systems. The consultant could use OpenVas to obtain Common
Vulnerability Scoring System (CVSS) scores but not for object
identification.
◍ What is metadata?.
Answer: Data about data
◍ splunk.
Answer: SIEM tool, the best data information gathering and analysis tool
that imports machine-generated data with an add-on
◍ A software development company has already included planning,
implementation, testing, and maintenance stages in its software development
lifecycle (SDLC). Which of the following stages did the company NOT
include? (Select the two best options.)
A. Testing
B. Design
C. Deployment
D. Post-implementation review.
Answer: B.DesignC.Deployment
