WGU C845 INFORMATION SYSTEMS SECURITY VUN1
TASK 3: EVALUATING & DEFENDING DATA
SECURITY AND SYSTEM OPERATIONS | COMPLETE
A+ GUIDE
A 'Pseudo flaw' is which of the following?
A. An apparent loophole deliberately implanted in an operating system program as a trap for
intruders.
B. An omission when generating Pseudo-code.
C. Used for testing for bounds violations in application programming.
D. A normally generated page fault causing the system to halt. - - ANS✔️--A
A backup site is best described by which of the following options?
A A computer facility with power and HVAC and all servers and communications. All
applications are ready to be installed and configured, and recent data is available to be restored to
the site.
B A computer facility with electrical power and HVAC but with no applications or installed data
on the workstations or servers prior to the event
C A computer facility with available electrical power and HVAC and some print/file servers. No
equipment has been installed at the site.
D An alternate computing location with little power and air-conditioning but no
telecommunications capability - - ANS✔️--A
A BCP determined that the maximum amount of data that an organization can afford to lose from
an online database is the most recent 60 minutes of online transactions. Which of the following is a
valid choice based on the BCP conclusion?
A The recovery time objective needs to be less than 1 hour
B The recovery time needs to be more than one hour
C The recovery point objective needs to be less than 1 hour
D The recovery point objective needs to be more than one hour - - ANS✔️--C
A business asset is best described by which of the following?
A Competitive advantage, capability, credibility, or goodwill
B Controls put in place that reduce the effects of threats
C An asset loss that could cause a financial or operational impact to the organization
D Personnel, compensation, and retirement programs - - ANS✔️--A
A business continuity plan is an example of which of the following?
A. Corrective control
B. Detective control
C. Preventive control
D. Compensating control - - ANS✔️--A
A Business Continuity Plan should be tested:
A. Once a month.
B. At least twice a year.
C. At least once a year.
D. At least once every two years. - - ANS✔️--C
A business continuity plan should list and prioritize the services that need to be brought back
after a disaster strikes. Which of the following services is more likely to be of primary concern in
the context of what your Disaster Recovery Plan would include?
A. Marketing/Public relations
B. Data/Telecomm/IS facilities
C. IS Operations
D. Facilities security - - ANS✔️--B
A business is preparing to create an e-commerce website. It wants to make sure that the
business's website is trusted when an HTTP session is established. What should the business do?
A Use SSL in all sessions
B Ensure that the checkout process is encrypted
C Purchase a certificate from a public CA
D Publish a certificate from a private CA - - ANS✔️--C
When a central authority determines what subjects can have access to certain objects based on the
organizational security policy, this is called:
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access Control - - ANS✔️--C