100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
WGU C725 Test: Questions With Accurate Solutions $15.99   Add to cart

Exam (elaborations)

WGU C725 Test: Questions With Accurate Solutions

 2 views  0 purchase
  • Course
  • WGU C725
  • Institution
  • WGU C725

WGU C725 Test: Questions With Accurate Solutions

Preview 3 out of 18  pages

  • November 10, 2024
  • 18
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • WGU C725
  • WGU C725
avatar-seller
Zendaya
WGU C725 Test: Questions With Accurate Solutions

Which groups typically report to the chief security officer (CSO)? Right Ans
- Security engineering and operations

A company is considering which controls to buy to protect an asset. What
should the price of the controls be in relation to the cost of the asset? Right
Ans - Less than the annual loss expectancy

An employee uses a secure hashing algorithm for message integrity. The
employee sends a plain text message with the embedded hash to a colleague.
A rogue device receives and retransmits the message to its destination. Once
received and checked by the intended recipient, the hashes do not match.

Which STRIDE concept has been violated? Right Ans - Tampering

An attacker accesses private emails between the company's CISO and board
members. The attacker then publishes the emails online. Which type of an
attack is this, according to the STRIDE model? Right Ans - Information
disclosure

A system data owner needs to give access to a new employee, so the owner
formally requests that the system administrator create an account and permit
the new employee to use systems necessary to the job. Which type of control
does the system administrator use to grant these permissions? Right Ans -
Access

The chief information security officer (CISO) for an organization knows that
the organization's datacenter lacks the physical controls needed to adequately
control access to sensitive corporate systems. The CEO, CIO, and CFO feel that
the current physical access is within a tolerable risk level, and they agree not
to pay for upgrades to the facility.

Which risk management strategy has the senior leadership decided to
employ? Right Ans - Acceptance

Which phase of the software development life cycle follows system design?
Right Ans - Development

,Which question relates to the functional aspect of computer security? Right
Ans - Does the system do the right things in the right way?

Which action is an example of a loss of information integrity based on the CIA
triad? Right Ans - A security engineer accidentally scrambles information
in a database.

What is included in quantitative risk analysis? Right Ans - Risk ranking

What is a fundamentally objective concept in determining risk? Right Ans -
Resource costs

Which domain of the (ISC)² Common Body of Knowledge addresses
procedures and tools that eliminate or reduce the capability to exploit critical
information? Right Ans - Operations Security

Which domain of the (ISC)² Common Body of Knowledge addresses
identification, authentication, authorization, and logging and monitoring
techniques and technologies? Right Ans - Access Control

Which type of policy establishes a security plan, assigns management
responsibilities, and states an organization's computer security objectives?
Right Ans - Program-level

A company consults a best practices manual from its vendor while deploying a
new IT system. Which type of document does this exemplify? Right Ans -
Guidelines

An organization has all of its offices in several different buildings that are
situated on a large city block. Which type of network is specifically suited to
connect these offices to the organization's network Right Ans - Campus

A network security engineer is tasked with preparing audit reports for the
auditor. The internal auditor sends the reports to the external auditor who
discovers that fraud was committed and that the network security engineer
has falsified the reports. Which security principle should be used to stop this
type of fraud from happening? Right Ans - Separation of duties

, An employee has worked for the same organization for years and still has
access to legal files even though this employee now works in accounting.
Which principle has been violated? Right Ans - Least privilege

A sales specialist is a normal user of a corporate network. The corporate
network uses subjects, objects, and labels to grant users access. Which access
control methodology is the corporation using? Right Ans - Mandatory

What is considered a valid method for testing an organization's disaster
recovery plan, according to the Certified Information Systems Security
Professional (CISSP)? Right Ans - Checklist

Who directs policies and procedures that are designed to protect information
resources in an organization? Right Ans - Information resources security
officer

Which topics should be included in employee security training program?
Right Ans - Social engineering, shoulder surfing, phishing, malware

What is a threat to business operations Right Ans - Sophisticated hacking
tools purchased by a disgruntled employee

Which statement describes a threat? Right Ans - Spear fishing attack

Which type of control reduces the effect of an attack? Right Ans -
Corrective

Which security control should be included in a risk management policy?
Right Ans - Exception process

The organization applies comprehensive hardening to all its computer assets.
Due to the high cost of accomplishing this, the security manager decides to
withhold any further spending on IT security for the remainder of the year.
The manager believes that because of the complexity and secrecy of the
organization's security configuration, these computer assets are relatively
safe. Which flawed security principle is the security manager relying on
Right Ans - Security through obscurity

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Zendaya. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $15.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81989 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$15.99
  • (0)
  Add to cart