WGU C725 OBJECTIVE ASSESSMENT FINAL MASTER’S
COURSE INFORMATION SECURITY AND ASSURANCE OVER
130 EXAM QUESTIONS 2026/2027 || COMPREHENSIVE
CYBERSECURITY AND INFORMATION ASSURANCE EXAM
PREPARATION WITH UPDATED RISK MANAGEMENT,
GOVERNANCE, COMPLIANCE, AND SECURITY CONTROLS
REVIEW || REAL WGU-STYLE QUESTIONS WITH VERIFIED
DETAILED ACCURATE ANSWERS LATEST EDITION || ELITE
A+ PREMIUM QUALITY GUARANTEED
What is a fundamentally objective concept in determining risk? - THE
CORRECT ANSWER - Resource costs
Which domain of the (ISC)² Common Body of Knowledge addresses procedures
and tools that eliminate or reduce the capability to exploit critical information? -
THE CORRECT ANSWER - Operations Security
Which domain of the (ISC)² Common Body of Knowledge addresses
identification, authentication, authorization, and logging and monitoring
techniques and technologies? - THE CORRECT ANSWER - Access Control
Which type of policy establishes a security plan, assigns management
responsibilities, and states an organization's computer security objectives? -
THE CORRECT ANSWER - Program-level
A company consults a best practices manual from its vendor while deploying a
new IT system. Which type of document does this exemplify? - THE
CORRECT ANSWER - Guidelines
Which groups typically report to the chief security officer (CSO)? - THE
CORRECT ANSWER - Security engineering and operations
A company is considering which controls to buy to protect an asset. What should
the price of the controls be in relation to the cost of the asset? - THE
CORRECT ANSWER - Less than the annual loss expectancy
An employee uses a secure hashing algorithm for message integrity. The
employee sends a plain text message with the embedded hash to a colleague. A
,rogue device receives and retransmits the message to its destination. Once
received and checked by the intended recipient, the hashes do not match.
Which STRIDE concept has been violated? - THE CORRECT ANSWER -
Tampering
An attacker accesses private emails between the company's CISO and board
members. The attacker then publishes the emails online. Which type of an attack
is this, according to the STRIDE model? - THE CORRECT ANSWER -
Information disclosure
A system data owner needs to give access to a new employee, so the owner
formally requests that the system administrator create an account and permit the
new employee to use systems necessary to the job. Which type of control does
the system administrator use to grant these permissions? - THE CORRECT
ANSWER - Access
The chief information security officer (CISO) for an organization knows that the
organization's datacenter lacks the physical controls needed to adequately control
access to sensitive corporate systems. The CEO, CIO, and CFO feel that the
current physical access is within a tolerable risk level, and they agree not to pay
for upgrades to the facility.
Which risk management strategy has the senior leadership decided to employ? -
THE CORRECT ANSWER - Acceptance
Which phase of the software development life cycle follows system design? -
THE CORRECT ANSWER - Development
Which question relates to the functional aspect of computer security? - THE
CORRECT ANSWER - Does the system do the right things in the right way?
Which action is an example of a loss of information integrity based on the CIA
triad? - THE CORRECT ANSWER - A security engineer accidentally
scrambles information in a database.
What is included in quantitative risk analysis? - THE CORRECT ANSWER
- Risk ranking
, An organization has all of its offices in several different buildings that are situated
on a large city block. Which type of network is specifically suited to connect these
offices to the organization's network - THE CORRECT ANSWER - Campus
A network security engineer is tasked with preparing audit reports for the auditor.
The internal auditor sends the reports to the external auditor who discovers that
fraud was committed and that the network security engineer has falsified the
reports. Which security principle should be used to stop this type of fraud from
happening? - THE CORRECT ANSWER - Separation of duties
An employee has worked for the same organization for years and still has access
to legal files even though this employee now works in accounting. Which
principle has been violated? - THE CORRECT ANSWER - Least privilege
A sales specialist is a normal user of a corporate network. The corporate network
uses subjects, objects, and labels to grant users access. Which access control
methodology is the corporation using? - THE CORRECT ANSWER -
Mandatory
What is considered a valid method for testing an organization's disaster recovery
plan, according to the Certified Information Systems Security Professional
(CISSP)? - THE CORRECT ANSWER - Checklist
Who directs policies and procedures that are designed to protect information
resources in an organization? - THE CORRECT ANSWER - Information
resources security officer
Which topics should be included in employee security training program? - THE
CORRECT ANSWER - Social engineering, shoulder surfing, phishing,
malware
What is a threat to business operations - THE CORRECT ANSWER -
Sophisticated hacking tools purchased by a disgruntled employee
Which statement describes a threat? - THE CORRECT ANSWER - Spear
fishing attack
Which type of control reduces the effect of an attack? - THE CORRECT
ANSWER - Corrective
COURSE INFORMATION SECURITY AND ASSURANCE OVER
130 EXAM QUESTIONS 2026/2027 || COMPREHENSIVE
CYBERSECURITY AND INFORMATION ASSURANCE EXAM
PREPARATION WITH UPDATED RISK MANAGEMENT,
GOVERNANCE, COMPLIANCE, AND SECURITY CONTROLS
REVIEW || REAL WGU-STYLE QUESTIONS WITH VERIFIED
DETAILED ACCURATE ANSWERS LATEST EDITION || ELITE
A+ PREMIUM QUALITY GUARANTEED
What is a fundamentally objective concept in determining risk? - THE
CORRECT ANSWER - Resource costs
Which domain of the (ISC)² Common Body of Knowledge addresses procedures
and tools that eliminate or reduce the capability to exploit critical information? -
THE CORRECT ANSWER - Operations Security
Which domain of the (ISC)² Common Body of Knowledge addresses
identification, authentication, authorization, and logging and monitoring
techniques and technologies? - THE CORRECT ANSWER - Access Control
Which type of policy establishes a security plan, assigns management
responsibilities, and states an organization's computer security objectives? -
THE CORRECT ANSWER - Program-level
A company consults a best practices manual from its vendor while deploying a
new IT system. Which type of document does this exemplify? - THE
CORRECT ANSWER - Guidelines
Which groups typically report to the chief security officer (CSO)? - THE
CORRECT ANSWER - Security engineering and operations
A company is considering which controls to buy to protect an asset. What should
the price of the controls be in relation to the cost of the asset? - THE
CORRECT ANSWER - Less than the annual loss expectancy
An employee uses a secure hashing algorithm for message integrity. The
employee sends a plain text message with the embedded hash to a colleague. A
,rogue device receives and retransmits the message to its destination. Once
received and checked by the intended recipient, the hashes do not match.
Which STRIDE concept has been violated? - THE CORRECT ANSWER -
Tampering
An attacker accesses private emails between the company's CISO and board
members. The attacker then publishes the emails online. Which type of an attack
is this, according to the STRIDE model? - THE CORRECT ANSWER -
Information disclosure
A system data owner needs to give access to a new employee, so the owner
formally requests that the system administrator create an account and permit the
new employee to use systems necessary to the job. Which type of control does
the system administrator use to grant these permissions? - THE CORRECT
ANSWER - Access
The chief information security officer (CISO) for an organization knows that the
organization's datacenter lacks the physical controls needed to adequately control
access to sensitive corporate systems. The CEO, CIO, and CFO feel that the
current physical access is within a tolerable risk level, and they agree not to pay
for upgrades to the facility.
Which risk management strategy has the senior leadership decided to employ? -
THE CORRECT ANSWER - Acceptance
Which phase of the software development life cycle follows system design? -
THE CORRECT ANSWER - Development
Which question relates to the functional aspect of computer security? - THE
CORRECT ANSWER - Does the system do the right things in the right way?
Which action is an example of a loss of information integrity based on the CIA
triad? - THE CORRECT ANSWER - A security engineer accidentally
scrambles information in a database.
What is included in quantitative risk analysis? - THE CORRECT ANSWER
- Risk ranking
, An organization has all of its offices in several different buildings that are situated
on a large city block. Which type of network is specifically suited to connect these
offices to the organization's network - THE CORRECT ANSWER - Campus
A network security engineer is tasked with preparing audit reports for the auditor.
The internal auditor sends the reports to the external auditor who discovers that
fraud was committed and that the network security engineer has falsified the
reports. Which security principle should be used to stop this type of fraud from
happening? - THE CORRECT ANSWER - Separation of duties
An employee has worked for the same organization for years and still has access
to legal files even though this employee now works in accounting. Which
principle has been violated? - THE CORRECT ANSWER - Least privilege
A sales specialist is a normal user of a corporate network. The corporate network
uses subjects, objects, and labels to grant users access. Which access control
methodology is the corporation using? - THE CORRECT ANSWER -
Mandatory
What is considered a valid method for testing an organization's disaster recovery
plan, according to the Certified Information Systems Security Professional
(CISSP)? - THE CORRECT ANSWER - Checklist
Who directs policies and procedures that are designed to protect information
resources in an organization? - THE CORRECT ANSWER - Information
resources security officer
Which topics should be included in employee security training program? - THE
CORRECT ANSWER - Social engineering, shoulder surfing, phishing,
malware
What is a threat to business operations - THE CORRECT ANSWER -
Sophisticated hacking tools purchased by a disgruntled employee
Which statement describes a threat? - THE CORRECT ANSWER - Spear
fishing attack
Which type of control reduces the effect of an attack? - THE CORRECT
ANSWER - Corrective
