WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
A user who creates a network share and sets permissions on that share is employing which
model of access control? This task contains the radio buttons and checkboxes for options. The
shortcut keys to perform this task are A to H and alt+1 to alt+9.
A. Mandatory access control
B. Discretionary access control
C. Attribute-based access control
D. Role-based access control - CORRECT ANSWERS Discretionary access control
What type of access control can prevent the confused deputy problem? This task contains the
radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and
alt+1 to alt+9.
A.ACLs
B.A password policy
C.Capability-based security
D.A locked door - CORRECT ANSWERS Capability-based security
Confidential Services Inc. is a military-support branch consisting of 1,400 computers with
Internet access and 250 servers. All employees are required to have security clearances. From
the options listed below, what access control model would be most appropriate for this
organization? This task contains the radio buttons and checkboxes for options. The shortcut
keys to perform this task are A to H and alt+1 to alt+9.
A.Discretionary access control
B.Role-based access control
C.Attribute-based access control
D.Mandatory access control - CORRECT ANSWERS D.Mandatory access control
,WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
A VPN connection that is set to time out after 24 hours is demonstrating which model of access
control? This task contains the radio buttons and checkboxes for options. The shortcut keys to
perform this task are A to H and alt+1 to alt+9.
A.Mandatory access control
B.Role-based access control
C.Attribute-based access control
D.Discretionary access control - CORRECT ANSWERS Attribute-based access control
Lesson: Authorization and Access Control
Objective: More Advanced
States that we should allow only the bare minimum access required in order for a given party
(person, user account, or process) to perform a needed functionality - CORRECT
ANSWERS Principle of least privilege
Typically built to a certain resource, these contain the identifiers of the party allowed to access
the resource and what the party is allowed to do. - CORRECT ANSWERS Access control
lists (ACLs)
In this method of security, a person's capabilities are oriented around the use of a token that
controls their access (e.g. a personal badge) - CORRECT ANSWERS Capability-based
security
A type of attack that is more common in systems that use ACLs rather than capabilities -
CORRECT ANSWERS The confused deputy problem
,WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
A type of attack that misuses the authority of the browser on the user's computer -
CORRECT ANSWERS Cross-site request forgery (CSRF)
Access is determined by the owner of the resource in question - CORRECT ANSWERS
Discretionary access control (DAC)
Similar to MAC in that access controls are set by an authority responsible for doing so, rather
than by the owner of the resource. In this model, access is based on the role the individual is
performing - CORRECT ANSWERS Role-based access control (RBAC)
Access is based on attributes (of a person, a resource, or an environment) - CORRECT
ANSWERS Attribute-based access control
Designed to prevent conflicts of interest; commonly used in industries that handle sensitive
data. Three main resource classes are considered in this model: objects, company groups, and
conflict classes. - CORRECT ANSWERS The Brewer and Nash model
A combination of DAC and MAC, primarily concerned with the confidentiality of the resource.
Two security properties define how information can flow to and from the resource: the simple
security property and the * property. - CORRECT ANSWERS The Bell-LaPadula model
Primarily concerned with protecting the integrity of data, even at the expense of confidentiality.
Two security rules: the simple integrity axiom and the * integrity axiom. - CORRECT
ANSWERS The Biba model
An access control model that includes many tiers of security and is used extensively by military
and government organizations and those that handle data of a very sensitive nature -
CORRECT ANSWERS Multilevel access control model
, WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
What process ensures compliance with applicable laws, policies, and other bodies of
administrative control, and detects misuse? This task contains the radio buttons and
checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9.
A.Nonrepudiation
B.Deterrence
C.Auditing
D.Accountability
E.Authorization - CORRECT ANSWERS C.Auditing
Lesson: Auditing and Accountability
Objective: Introduction
Nessus is an example of a(n) _______________ tool. This task contains the radio buttons and
checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9.
A.Fuzzing
B.Anti-virus
C.Anti-malware
D.Vulnerability scanning
E.Penetration testing - CORRECT ANSWERS D.Vulnerability scanning
A surveillance video log contains a record, including the exact date and time, of an individual
gaining access to his company's office building after hours. He denies that he was there during
that time, but the existence of the video log proves otherwise. What benefit of accountability
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
A user who creates a network share and sets permissions on that share is employing which
model of access control? This task contains the radio buttons and checkboxes for options. The
shortcut keys to perform this task are A to H and alt+1 to alt+9.
A. Mandatory access control
B. Discretionary access control
C. Attribute-based access control
D. Role-based access control - CORRECT ANSWERS Discretionary access control
What type of access control can prevent the confused deputy problem? This task contains the
radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and
alt+1 to alt+9.
A.ACLs
B.A password policy
C.Capability-based security
D.A locked door - CORRECT ANSWERS Capability-based security
Confidential Services Inc. is a military-support branch consisting of 1,400 computers with
Internet access and 250 servers. All employees are required to have security clearances. From
the options listed below, what access control model would be most appropriate for this
organization? This task contains the radio buttons and checkboxes for options. The shortcut
keys to perform this task are A to H and alt+1 to alt+9.
A.Discretionary access control
B.Role-based access control
C.Attribute-based access control
D.Mandatory access control - CORRECT ANSWERS D.Mandatory access control
,WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
A VPN connection that is set to time out after 24 hours is demonstrating which model of access
control? This task contains the radio buttons and checkboxes for options. The shortcut keys to
perform this task are A to H and alt+1 to alt+9.
A.Mandatory access control
B.Role-based access control
C.Attribute-based access control
D.Discretionary access control - CORRECT ANSWERS Attribute-based access control
Lesson: Authorization and Access Control
Objective: More Advanced
States that we should allow only the bare minimum access required in order for a given party
(person, user account, or process) to perform a needed functionality - CORRECT
ANSWERS Principle of least privilege
Typically built to a certain resource, these contain the identifiers of the party allowed to access
the resource and what the party is allowed to do. - CORRECT ANSWERS Access control
lists (ACLs)
In this method of security, a person's capabilities are oriented around the use of a token that
controls their access (e.g. a personal badge) - CORRECT ANSWERS Capability-based
security
A type of attack that is more common in systems that use ACLs rather than capabilities -
CORRECT ANSWERS The confused deputy problem
,WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
A type of attack that misuses the authority of the browser on the user's computer -
CORRECT ANSWERS Cross-site request forgery (CSRF)
Access is determined by the owner of the resource in question - CORRECT ANSWERS
Discretionary access control (DAC)
Similar to MAC in that access controls are set by an authority responsible for doing so, rather
than by the owner of the resource. In this model, access is based on the role the individual is
performing - CORRECT ANSWERS Role-based access control (RBAC)
Access is based on attributes (of a person, a resource, or an environment) - CORRECT
ANSWERS Attribute-based access control
Designed to prevent conflicts of interest; commonly used in industries that handle sensitive
data. Three main resource classes are considered in this model: objects, company groups, and
conflict classes. - CORRECT ANSWERS The Brewer and Nash model
A combination of DAC and MAC, primarily concerned with the confidentiality of the resource.
Two security properties define how information can flow to and from the resource: the simple
security property and the * property. - CORRECT ANSWERS The Bell-LaPadula model
Primarily concerned with protecting the integrity of data, even at the expense of confidentiality.
Two security rules: the simple integrity axiom and the * integrity axiom. - CORRECT
ANSWERS The Biba model
An access control model that includes many tiers of security and is used extensively by military
and government organizations and those that handle data of a very sensitive nature -
CORRECT ANSWERS Multilevel access control model
, WGU C836 MULTI/COMPREHENSIVE FINAL EXAM REVIEW QUESTIONS
AND ANSWERS 2024/2025 LATEST UPDATED A COMPLETE SOLUTION
ALL ANSWERS 100% CORRECT CONFIRMED BEST GRADED A+ FOR
SUCCESS
What process ensures compliance with applicable laws, policies, and other bodies of
administrative control, and detects misuse? This task contains the radio buttons and
checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9.
A.Nonrepudiation
B.Deterrence
C.Auditing
D.Accountability
E.Authorization - CORRECT ANSWERS C.Auditing
Lesson: Auditing and Accountability
Objective: Introduction
Nessus is an example of a(n) _______________ tool. This task contains the radio buttons and
checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9.
A.Fuzzing
B.Anti-virus
C.Anti-malware
D.Vulnerability scanning
E.Penetration testing - CORRECT ANSWERS D.Vulnerability scanning
A surveillance video log contains a record, including the exact date and time, of an individual
gaining access to his company's office building after hours. He denies that he was there during
that time, but the existence of the video log proves otherwise. What benefit of accountability
