QUESTIONS WITH COMPLETE SOLUTIONS AND RATIONALES
1. A system that records which users performed specific actions is providing which security principle?
A) Non-repudiation ✅
B) Multifactor authentication
C) Biometrics
D) Privacy
Rationale:
Non-repudiation ensures actions can be traced to a specific user and cannot be denied later.
2. In risk management, what is something that can cause harm to an organization or asset?
A) Fear
B) Threat ✅
C) Control
D) Asset
Rationale:
A threat is anything that can exploit a weakness and cause damage.
3. A software firewall running on a device is an example of what type of control?
A) Physical
B) Administrative
C) Passive
D) Technical ✅
Rationale:
Technical controls use technology (software or hardware) to protect systems.
4. Tina, an (ISC)² member, discovers an online group is sharing malware. What should she do?
A) Nothing
B) Stop participating in the group
C) Report the group to law enforcement
D) Report the group to (ISC)² ✅
Rationale:
(ISC)² members must report unethical or illegal behavior to (ISC)².
5. A city rule stating malware creators will be fined or jailed is an example of a:
A) Policy
B) Procedure
C) Standard
D) Law ✅
Rationale:
Laws are enforced by governments and carry legal penalties.
6. PCI rules that merchants must follow to accept credit cards are an example of a:
A) Law
B) Policy
C) Standard ✅
D) Procedure
Rationale:
PCI DSS is an industry standard, not a law.
7. An employee violates company policy by streaming videos at work. What should an (ISC)² member do?
A) Inform (ISC)²
B) Inform law enforcement
C) Inform company management ✅
D) Nothing
Rationale:
Policy violations should be reported through organizational channels.
8. Locking sensitive paper documents in a safe at the end of the day is which type of control?
A) Administrative ✅
B) Tangential
C) Physical
D) Technical
Rationale:
The rule/process is administrative, even though a physical safe is involved.
9. Buying and implementing a security solution to reduce a known threat is an example of:
A) Acceptance
B) Avoidance
C) Mitigation ✅
D) Transference
Rationale:
Mitigation reduces risk by implementing controls.
10. Detailed instructions explaining how to wear safety gear are a:
A) Policy
B) Procedure ✅
C) Standard
D) Law
Rationale:
Procedures explain how to carry out a policy.
11. A company document stating it will follow SANS best practices is a ___, and SANS documents are ___.
A) Law, policy
B) Policy, standard ✅
C) Policy, law
D) Procedure, procedure
Rationale:
Organizations create policies; industry groups publish standards.
12. An (ISC)² member is asked about certification exam questions. What is allowed?
A) Inform (ISC)²
B) Explain question style, not content ✅
C) Inform supervisor
D) Nothing
Rationale:
Sharing exam content violates ethics, but discussing format is allowed.
13. Which of the following is NOT a threat?
A) Natural disaster
B) User accidentally damaging a system
C) A laptop with sensitive data on it ✅
D) External attacker
Rationale:
The laptop is an asset, not a threat.
14. An (ISC)² member receives a parking ticket after work. What should they do?
A) Inform (ISC)²
B) Pay the parking ticket ✅
C) Inform employer
D) Resign
Rationale:
Minor personal matters unrelated to work do not require reporting.