WGU C725 TEST BANK 2023 MASTER'S COURSE INFORMATION SECURITY AND ASSURANCE 2023 TEST BANK 300 REAL EXAM QUESTIONS AND CORRECT ANSWERS|AGRADE
An employee has worked for the same organization for years and still has access to
legal files even though this employee now works in accounting. Which principle
has been violated? - ANSWER- Least privilege
A sales specialist is a normal user of a corporate network. The corporate network
uses subjects, objects, and labels to grant users access. Which access control
methodology is the corporation using? - ANSWER- Mandatory
What is considered a valid method for testing an organization's disaster recovery
plan, according to the Certified Information Systems Security Professional
(CISSP)? - ANSWER- Checklist
Who directs policies and procedures that are designed to protect information
resources in an organization? - ANSWER- Information resources security officer
Which topics should be included in an employee security training program? -
ANSWER- Social engineering, shoulder surfing, phishing, malware
What is a threat to business operations? - ANSWER- Sophisticated hacking tools
purchased by a disgruntled employee
Which statement describes a threat? - ANSWER- Spear fishing attack
Which type of control reduces the effect of an attack? - ANSWER- Corrective
Which security control should be included in a risk management policy? -
ANSWER- Exception process
The organization applies comprehensive hardening to all its computer assets. Due
to the high cost of accomplishing this, the security manager decides to withhold
any further spending on IT security for the remainder of the year. The manager
believes that because of the complexity and secrecy of the organization's security
configuration, these computer assets are relatively safe. Which flawed security
principle is the security manager relying on? - ANSWER- Security through
obscurity
The company receives notification from its security monitoring service that an
unauthorized physical breach of its datacenter occurred. The perpetrator was able
to guess the correct code to the keypad device that controls access. Which type of
risk management control could have prevented this breach from occurring? -
ANSWER- Multifactor authentication
The company identifies a risk with an asset that has relatively low value. The cost
to secure the asset is $2 million. An insurance company will insure the loss of the
asset for $150,000 a year. The company decides not to take any action to protect
the asset. Which risk management strategy did the company choose to follow? -
ANSWER- Acceptance
Which type of system controls preserves the state of the system before a crash and
prevents further damage or unauthorized access to a system? - ANSWER- Fail
secure
A software development company follows a process where software is moved from
the development environment, to the testing environment for quality assurance,
and then on to production. Which individual should be restricted from migrating
the software to the production environment? - ANSWER- Lead programmer
After an audit of user access, a CIO is concerned about improperly granted
permissions. Which type of user access should the CIO be most concerned with? -
ANSWER- Elevated
Which attack uses common words and phrases to guess passwords? - ANSWER- Dictionary
What is a disadvantage of discretionary access control (DAC)? - ANSWER- Empowers owners to decide access levels
Which password problem persists when accessing information and systems even
with a strong password management and creation policy? - ANSWER- Passwords
are repudiable.
An organization wants to update its policies that govern email acceptable use,
internet acceptable use, laptop security, and wireless security. Which type of
policies should the organization update to accomplish this? - ANSWER- Issue
Specific
Which type of documents do organizations use to explain step-by-step
instructions? - ANSWER- Procedures
Data entry specialists at a hospital are only supposed to be able to enter new patient
records into the database but not be able to access existing records. Because the
permissions were not set correctly, some data entry specialists have been accessing
existing patient records and making unauthorized changes. Hospital administrators
want to be able to easily grant permissions based on job type. Which security
principle should the organization implement to solve this problem? - ANSWER- RBAC
A company was the victim of a phishing attack. This attack occurred because a
cybercriminal recovered employee company email addresses from a stolen laptop.
How should employee company email addresses be classified? - ANSWER- Business sensitive
An accountant finds an error in the way interest is credited to customer accounts.
The IT department traces the error to a patch that IT put on the software used to
track customer accounts. The error cost the organization about $100,000 in
overpayments. What is the IT department's role in this case? - ANSWER- Custodian
Which type of hypervisor installs directly onto the hardware where the host OS
would normally reside? - ANSWER- Type 1
Management is concerned that data will be lost when using virtual machines (VM).
What are two ways to preserve data in VMs? Choose 2 answers. - ANSWER- Full
and hypervisor updates
Which type of investigation is completed internally and examines either
operational issues or a violation of the organization's policies? - ANSWER- Administrative
Which two types of information about evidence are required to preserve the chain
of custody? - ANSWER- Relevant circumstances surrounding the collection of the
evidence
Name of the person collecting the evidence
You must ensure that a complete inventory of your organization's assets is
maintained. Which components are necessary in the asset management inventory?
firmware versions
operating system versions
application versions
hardware devices installed - ANSWER- All the points
What is the primary function of portable storage media, such as Zip,
Jaz, and flash drives? - ANSWER- to exchange data
___________is the process of wiping out data from storage media to ensure that
the data is not recoverable and cannot be reused. - ANSWER- Sanitization
What defines the minimum level of security? - ANSWER- Baselines
As a security professional, you have been asked to determine the
appropriate retention policies for media, hardware, data, and personnel. You decide
to first document the appropriate data retention policies. Which of the following
statements is NOT true of developing these policies? - ANSWER- You should
work with data custodians to develop the appropriate data retention policy for each
type of data the organization owns.
You have been asked to provide scoping and tailoring guidance for an
organization's security controls. Which of the following guidelines is NOT true
regarding this process? - ANSWER- Scoping and tailoring are closely tied to
access control lists.