Exam (elaborations)

WGU C725 Final Exam Questions With Answers Latest Update 2024 (Graded A+)

Pages: 30
Grade: A+
Uploaded on: 08-01-2024
Written in: 2023/2024

1. Which groups typically report to the chief security officer (CSO)?
   Answer: Security engineering and operations

2. A company is considering which controls to buy to protect an asset. What should the price of the controls be in relation to the cost of the asset?
   Answer: Less than the annual loss expectancy

3. An employee uses a secure hashing algorithm for message integrity. The employee sends a plain text message with the embedded hash to a colleague. A rogue device receives and retransmits the message to its destination. Once received and checked by the intended recipient, the hashes do not match. Which STRIDE concept has been violated?
   Answer: Tampering

4. An attacker accesses private emails between the company's CISO and board members. The attacker then publishes the emails online. Which type of an attack is this, according to the STRIDE model?
   Answer: Information disclosure

5. A system data owner needs to give access to a new employee, so the owner formally requests that the system administrator create an account and permit the new employee to use systems necessary to the job. Which type of control does the system administrator use to grant these permissions?
   Answer: Access

6. The chief information security officer (CISO) for an organization knows that the organization's datacenter lacks the physical controls needed to adequately control access to sensitive corporate systems. The CEO, CIO, and CFO feel that the current physical access is within a tolerable risk level, and they agree not to pay for upgrades to the facility. Which risk management strategy has the senior leadership decided to employ?
   Answer: Acceptance

7. Which phase of the software development life cycle follows system design?
   Answer: Development

8. Which question relates to the functional aspect of computer security?
   Answer: Does the system do the right things in the right way?

9. Which action is an example of a loss of information integrity based on the CIA triad?
   Answer: A security engineer accidentally scrambles information in a database.

10. What is included in quantitative risk analysis?
    Answer: Risk ranking

11. What is a fundamentally objective concept in determining risk?
    Answer: Resource costs

12. Which domain of the (ISC)² Common Body of Knowledge addresses procedures and tools that eliminate or reduce the capability to exploit critical information?
    Answer: Operations Security

13. Which domain of the (ISC)² Common Body of Knowledge addresses identification, authentication, authorization, and logging and monitoring techniques and technologies?
    Answer: Access Control

14. Which type of policy establishes a security plan, assigns management responsibilities, and states an organization's computer security objectives?
    Answer: Program-level

15. A company consults a best practices manual from its vendor while deploying a new IT system. Which type of document does this exemplify?
    Answer: Guidelines

16. An organization has all of its offices in several different buildings that are situated on a large city block. Which type of network is specifically suited to connect these offices to the organization's network?
    Answer: Campus

17. A network security engineer is tasked with preparing audit reports for the auditor. The internal auditor sends the reports to the external auditor who discovers that fraud was committed and that the network security engineer has falsified the reports. Which security principle should be used to stop this type of fraud from happening?
    Answer: Separation of duties

18. An employee has worked for the same organization for years and still has access to legal files even though this employee now works in accounting. Which principle has been violated?
    Answer: Least privilege

19. A sales specialist is a normal user of a corporate network. The corporate network uses subjects, objects, and labels to grant users access. Which access control methodology is the corporation using?
    Answer: Mandatory

20. What is considered a valid method for testing an organization's disaster recovery plan, according to the Certified Information Systems Security Professional (CISSP)?
    Answer: Checklist

21. Who directs policies and procedures that are designed to protect information resources in an organization?
    Answer: Information resources security officer

22. Which topics should be included in an employee security training program?
    Answer: Social engineering, shoulder surfing, phishing, malware

23. What is a threat to business operations?
    Answer: Sophisticated hacking tools purchased by a disgruntled employee

24. Which statement describes a threat?
    Answer: Spear phishing attack

25. Which type of control reduces the effect of an attack?
    Answer: Corrective

26. Which security control should be included in a risk management policy?
    Answer: Exception process

27. The organization applies comprehensive hardening to all its computer assets. Due to the high cost of accomplishing this, the security manager decides to withhold any further spending on IT security for the remainder of the year. The manager believes that because of the complexity and secrecy of the organization's security configuration, these computer assets are relatively safe. Which flawed security principle is the security manager relying on?
    Answer: Security through obscurity

28. The company receives notification from its security monitoring service that an unauthorized physical breach of its datacenter occurred. The perpetrator was able to guess the correct code to the keypad device that controls access. Which type of risk management control could have prevented this breach from occurring?
    Answer: Multifactor authentication

29. The company identifies a risk with an asset that has relatively low value. The cost to secure the asset is $2 million. An insurance company will insure the loss of the asset for $150,000 a year. The company decides not to take any action to protect the asset. Which risk management strategy did the company choose to follow?
    Answer: Acceptance

30. Which type of system controls preserves the state of the system before a crash and prevents further damage or unauthorized access to a system?
    Answer: Fail secure

31. A software development company follows a process where software is moved from the development environment, to the testing environment for quality assurance, and then on to production. Which individual should be restricted from migrating the software to the production environment?
    Answer: Lead programmer

32. After an audit of user access, a CIO is concerned about improperly granted permissions. Which type of user access should the CIO be most concerned with?
    Answer: Elevated

33. Which attack uses common words and phrases to guess passwords?
    Answer: Dictionary

34. What is a disadvantage of discretionary access control (DAC)?
    Answer: Empowers owners to decide access levels

35. Which password problem persists when accessing information and systems even with a strong password management and creation policy?
    Answer: Passwords are repudiable.

Seller: STUDYROOM2026, Chamberlain College Of Nursing