Exam Study Guide 2026 Complete Questions with Correct Detailed Answers || 100% Guaranteed Pass <Recent Version>
Domain 1: Foundational Concepts & Risk Management
1. What is the primary goal of performing a threat model on a new technology stack?
a) To eliminate all potential vulnerabilities before deployment.
b) To identify potential attackers, their goals, and the system's vulnerabilities.
c) To ensure compliance with all international data privacy laws.
d) To calculate the total cost of ownership (TCO) of the technology.
Answer: b) To identify potential attackers, their goals, and the system's vulnerabilities.
• Detailed Explanation: Threat modeling is a proactive, structured process used to identify
and enumerate potential threats (attackers, assets they target) and vulnerabilities. Its
goal is not to eliminate all risks (which is impossible) but to understand them so that
appropriate security controls can be prioritized and implemented. Options a, c, and d are
potential outcomes or related activities but are not the primary goal of threat modeling
itself.
2. The NIST Cybersecurity Framework is organized into five core functions. Which function
includes activities such as implementing identity management and access control?
a) Identify
b) Protect
c) Detect
d) Respond
Answer: b) Protect
• Detailed Explanation: The five core functions are Identify, Protect, Detect, Respond, and
Recover. The Protect function is specifically designed to develop and implement
appropriate safeguards to ensure delivery of critical infrastructure services. This includes
implementing technologies like Identity and Access Management (IAM), data security
protections, and security awareness training.
3. In the context of risk management, what does the term "risk appetite" refer to?
a) The maximum amount of money an organization is willing to spend on security annually.
b) The level of risk that an organization is willing to accept in pursuit of its strategic objectives.
c) A list of all known threats to an organization's information assets.
d) The process of transferring risk to a third party, such as an insurance company.
Answer: b) The level of risk that an organization is willing to accept in pursuit of its strategic objectives.
• Detailed Explanation: Risk appetite is a high-level, strategic concept that defines the
types and amount of risk an organization is willing to take on to achieve its goals. It
guides decision-making across the entire organization. Option a is a budget, option c is a
threat inventory, and option d describes risk transference.
4. Which of the following is a characteristic of a Zero Trust architecture?
a) It assumes all users and devices inside the corporate network are inherently trustworthy.
b) It relies heavily on a strong, static network perimeter.
c) It mandates the principle of "never trust, always verify."
d) It eliminates the need for multi-factor authentication (MFA).
Answer: c) It mandates the principle of "never trust, always verify."
• Detailed Explanation: Zero Trust is a security model that assumes breach and verifies
each request as though it originates from an untrusted network. It moves away from the
traditional "trust but verify" model (option a) and the concept of a static perimeter
(option b). MFA (option d) is a foundational component of a Zero Trust implementation,
not something it eliminates.
5. What is the main purpose of an Incident Response Plan (IRP)?
a) To prevent all security incidents from occurring.
b) To provide a structured methodology for handling a security breach.
c) To ensure all employees are trained on the latest phishing techniques.
d) To perform a penetration test on the organization's network.
Answer: b) To provide a structured methodology for handling a security breach.
• Detailed Explanation: An IRP is a set of written instructions that outline the
organization's response to a cyber incident. Its goal is to contain the damage, eradicate
the threat, and recover normal operations in a coordinated and efficient manner. It does
not prevent incidents (a), though it is part of a broader security program that includes
training (c) and testing (d).
Domain 2: Cloud Security & Virtualization
6. In the Shared Responsibility Model for IaaS (Infrastructure as a Service), which of the following is typically the responsibility of the cloud customer?
a) Physical security of the data centers.
b) Securing the underlying hypervisor.
c) Patching the guest operating systems on their virtual machines.
d) Ensuring network connectivity to the cloud region.
Answer: c) Patching the guest operating systems on their virtual machines.
• Detailed Explanation: In IaaS, the cloud provider is responsible for the security of the
cloud (physical security, hypervisor, network infrastructure). The customer is responsible
for security in the cloud, which includes managing the guest OS, applications, and data.
Options a, b, and d are provider responsibilities.
7. A company uses a public cloud service but wants to ensure that its data is encrypted such
that only it can ever decrypt it, and not the cloud provider. What is this concept best known
as?
a) Data Masking
b) Confidential Computing
c) Bring Your Own Key (BYOK)
d) Tokenization
Answer: c) Bring Your Own Key (BYOK)
• Detailed Explanation: BYOK is a key management model that allows the cloud customer
to use their own encryption keys, which are not exposed to the cloud provider. This
ensures that the provider cannot access the customer's data. Confidential Computing (b)
focuses on protecting data in use (during processing), while BYOK generally relates to
data at rest. Data Masking (a) and Tokenization (d) are data obfuscation techniques.
8. What is the primary security benefit of using containerization (e.g., Docker) over traditional
virtual machines?
a) Containers are inherently more secure and do not require security patches.
b) Containers provide a smaller attack surface by sharing the host OS kernel.
c) Containers offer stronger isolation than virtual machines.
d) Containers eliminate the risk of supply chain attacks.
Answer: b) Containers provide a smaller attack surface by sharing the host OS kernel.
• Detailed Explanation: Containers package an application and its dependencies into a
single, lightweight unit that shares the host OS kernel. This reduces the attack surface
compared to a full VM which includes a separate guest OS. However, this shared kernel