WGU C795 Cybersecurity Management II - Tactical
Questions and Answers (2022/2023) (Verified Answers)
As an IT security professional, you have just been hired by a multisite automotive
dealership to protect and manage its computer network. What is your first task in
establishing a secure defense system for the company?This task contains the radio
buttons and checkboxes for options. The shortcut keys to perform this task are A to H
and alt+1 to alt+9.
A
Hire a system security vendor.
B
Perform a full vulnerability assessment.
C
Perform an asset inventory and classification audit.
D
Document all users on the corporate domain.
Answer C is correct.
A security administrator has to have a complete inventory of systems and equipment
connected to the corporate network. Once this information is complete and accurate, a
security professional can begin mapping vulnerabilities to the known systems.
Which characteristic most accurately describes a zero-day exploit vulnerability?This
task contains the radio buttons and checkboxes for options. The shortcut keys to
perform this task are A to H and alt+1 to alt+9.
A
It is only known to hackers and a few security professionals.
B
It is only known to the hacker.
C
It was a major concern in the late 1990s, but current technology has eliminated them.
D
It is widely known, but ineffective and only used occasionally.
Explanation: Answer B is correct.
A zero-day exploit is a flaw in an operating system or program code that is discovered
,by a threat actor with the intention of exploiting the vulnerability before authors of the
code can patch or rewrite the code to eliminate the vulnerability.
CVE
MITRE Corporation
National Vulnerability Database (NVD)
National Institute of Standards and Technology's (NIST) Computer Security Division,
these days the NVD is brought to you by your friends at the Department of Homeland
Security's National Cybersecurity Division. According to them
Which organizations provide vulnerability-mapping services, tools, or resources that can
be accessed for free?This task contains the radio buttons and checkboxes for options.
The shortcut keys to perform this task are A to H and alt+1 to alt+9.
A
AARP
B
OWASP
C
NIST
D
ACLU
E
MITRE
Explanation: Answers B, C, and E are correct.
The Open Web Application Security Project (OWASP), National Institute of Standards
and Technology (NIST), and MITRE Corporation all provide free vulnerability-mapping
services, tools, or resources.
One of the main purposes of a cybersecurity professional is to help a company establish
its security requirements. Which critical components of an application risk assessment
accomplish this objective? Select all that apply.This task contains the radio buttons and
checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to
alt+9.
A
Understanding the application type
B
Determining the users
C
Establishing the criticality to business
D
, Setting the application life-cycle
E
Classifying the information processed
Explanation: Answers A, C, and E are correct.
Defining the security requirements of a risk assessment can involve multiple key factors
that should be incorporated early in the planning and development phases. The security
requirements do not include defining users or application lifespan.
cloud/software as a service (SaaS) applications.
Commercial off-the-shelf (COTS) applications. Applications developed by vendors and
installed on the organization's information systems. These applications are usually
purchased outright by organizations with usage based on licensing agreements.
Cloud/SaaS applications. Applications developed by service providers or vendors and
installed on the provider or vendor information system. Organizations typically have an
on-demand or pay-per-usage metrics.
In-house developed applications. Applications developed, installed, and maintained by
the organization using internal teams and/or contractors
With the development of faster, more reliable internet access, cloud services are
increasing in popularity. Talia researched moving part of her company's data and
infrastructure to a cloud-based service. She evaluated risks associated with cloud
services and has established a list of risks. Which risk is NOT associated with cloud or
SaaS services?This task contains the radio buttons and checkboxes for options. The
shortcut keys to perform this task are A to H and alt+1 to alt+9.
A
Limited storage scalability
B
Misaligned cybersecurity standards with the vendor
C
Legal or regulatory restrictions imposed on the company but not the vendor
D
Lack of control over a vendor's cybersecurity policies
E
Data storage confidentiality
Explanation: Answer A is correct.
Limited storage capability is not a risk in cloud-based services. One of the strong
arguments for online storage is the ability to scale to needs easily and economically.
Questions and Answers (2022/2023) (Verified Answers)
As an IT security professional, you have just been hired by a multisite automotive
dealership to protect and manage its computer network. What is your first task in
establishing a secure defense system for the company?This task contains the radio
buttons and checkboxes for options. The shortcut keys to perform this task are A to H
and alt+1 to alt+9.
A
Hire a system security vendor.
B
Perform a full vulnerability assessment.
C
Perform an asset inventory and classification audit.
D
Document all users on the corporate domain.
Answer C is correct.
A security administrator has to have a complete inventory of systems and equipment
connected to the corporate network. Once this information is complete and accurate, a
security professional can begin mapping vulnerabilities to the known systems.
Which characteristic most accurately describes a zero-day exploit vulnerability?This
task contains the radio buttons and checkboxes for options. The shortcut keys to
perform this task are A to H and alt+1 to alt+9.
A
It is only known to hackers and a few security professionals.
B
It is only known to the hacker.
C
It was a major concern in the late 1990s, but current technology has eliminated them.
D
It is widely known, but ineffective and only used occasionally.
Explanation: Answer B is correct.
A zero-day exploit is a flaw in an operating system or program code that is discovered
,by a threat actor with the intention of exploiting the vulnerability before authors of the
code can patch or rewrite the code to eliminate the vulnerability.
CVE
MITRE Corporation
National Vulnerability Database (NVD)
National Institute of Standards and Technology's (NIST) Computer Security Division,
these days the NVD is brought to you by your friends at the Department of Homeland
Security's National Cybersecurity Division. According to them
Which organizations provide vulnerability-mapping services, tools, or resources that can
be accessed for free?This task contains the radio buttons and checkboxes for options.
The shortcut keys to perform this task are A to H and alt+1 to alt+9.
A
AARP
B
OWASP
C
NIST
D
ACLU
E
MITRE
Explanation: Answers B, C, and E are correct.
The Open Web Application Security Project (OWASP), National Institute of Standards
and Technology (NIST), and MITRE Corporation all provide free vulnerability-mapping
services, tools, or resources.
One of the main purposes of a cybersecurity professional is to help a company establish
its security requirements. Which critical components of an application risk assessment
accomplish this objective? Select all that apply.This task contains the radio buttons and
checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to
alt+9.
A
Understanding the application type
B
Determining the users
C
Establishing the criticality to business
D
, Setting the application life-cycle
E
Classifying the information processed
Explanation: Answers A, C, and E are correct.
Defining the security requirements of a risk assessment can involve multiple key factors
that should be incorporated early in the planning and development phases. The security
requirements do not include defining users or application lifespan.
cloud/software as a service (SaaS) applications.
Commercial off-the-shelf (COTS) applications. Applications developed by vendors and
installed on the organization's information systems. These applications are usually
purchased outright by organizations with usage based on licensing agreements.
Cloud/SaaS applications. Applications developed by service providers or vendors and
installed on the provider or vendor information system. Organizations typically have an
on-demand or pay-per-usage metrics.
In-house developed applications. Applications developed, installed, and maintained by
the organization using internal teams and/or contractors
With the development of faster, more reliable internet access, cloud services are
increasing in popularity. Talia researched moving part of her company's data and
infrastructure to a cloud-based service. She evaluated risks associated with cloud
services and has established a list of risks. Which risk is NOT associated with cloud or
SaaS services?This task contains the radio buttons and checkboxes for options. The
shortcut keys to perform this task are A to H and alt+1 to alt+9.
A
Limited storage scalability
B
Misaligned cybersecurity standards with the vendor
C
Legal or regulatory restrictions imposed on the company but not the vendor
D
Lack of control over a vendor's cybersecurity policies
E
Data storage confidentiality
Explanation: Answer A is correct.
Limited storage capability is not a risk in cloud-based services. One of the strong
arguments for online storage is the ability to scale to needs easily and economically.
