C725 WGU MASTER'S COURSE | WGU C725 - INFORMATION SECURITY AND ASSURANCE SET 2 EXAM QUESTIONS AND ANSWERS
Which type of policy establishes a security plan, assigns management
responsibilities, and states an organization's computer security objectives?
A. Framework-level
B. Program-level
C. System-specific
D. Issue-specific -- ANSWER--B
A company consults a best practices manual from its vendor while deploying a
new IT system. Which type of document does this exemplify?
A. Procedures
B. Guidelines
C. Policies
D. Standards -- ANSWER--B
Which type of technology are Dropbox, Skype, and Office 365 examples of?
A. Local Area Network
B. Wireless
C. Wide Area Network
D. Cloud Computing -- ANSWER--D
An organization has all of its offices in several different buildings that are
situated on a large city block.
Which type of network is specifically suited to connect these offices to the
organization's network?
A. Wireless
B. Campus
C. Metropolitan
D. Wide -- ANSWER--B
A new bookkeeper receives an email claiming to come from an online banking
site. The bookkeeper clicks on an embedded link and enters some of the
company's banking information into the cybercriminal's website.
Which security method can deter this type of attack in the future?
A. Employee security training
B. Principle of least privilege
C. Change management
D. Separation of duties -- ANSWER--A
A network security engineer is tasked with preparing audit reports for the
auditor. The internal auditor sends the reports to the external auditor who
discovers that fraud was committed and that the network security engineer has
falsified the reports.
Which security principle should be used to stop this type of fraud from
happening?
A. Separation of duties
B. Least privilege
C. Network segmentation
D. Defense in depth -- ANSWER--A
An employee has worked for the same organization for years and still has
access to legal files even though this employee now works in accounting.
Which principle has been violated?
A. Least privilege
B. Network segmentation
C. Separation of duties
D. Defense in depth -- ANSWER--A
Which risk management strategy has the senior leadership decided to employ?
A. Deterrence
B. Assignment
C. Acceptance
D. Avoidance -- ANSWER--C
Which phase of the software development life cycle follows system design?
A. System requirements
B. Development
C. Testing
D. Deployment -- ANSWER--B
Which question relates to the functional aspect of computer security?
A. Does the system do the right things in the right way?
B. Does the security staff do the right job in the right way?
C. Does the system do the right things in the wrong way?