Questions With Reviewed 100% Correct Detailed Answers Guaranteed Pass
1. A security architect is explaining logistics security to a non-technical person.
What term would the security architect use to describe all of the suppliers,
vendors, and partners needed to deliver a final product?
A. Transmission control
B. Vendor policy
C. Vendor viability
D. Supply chain
- ANSWER D. Supply chain
2. What term is used to describe the network of suppliers, vendors, and partners
involved in delivering a final product, and is often a significant source of risk?
A. Vendor viability
B. Transmission control
C. Supply chain
D. Vendor policy
- ANSWER C. Supply chain
3. What term defines how a system protects communication channels from risks
such as infiltration, exploitation, and interception?
A. Supply chain
B. Transmission control
C. Vendor viability
D. Vendor policy
- ANSWER B. Transmission control
4. Which aspect of vendor management involves determining if a vendor will
remain in business over time, ensuring they have a viable product and financial
stability?
A. Vendor viability
B. Supply chain
C. Transmission control
D. Vendor policy
- ANSWER A. Vendor viability
5. What is important to establish when defining the maturity of vendor security
operations and setting the minimum requirements and expectations for vendors?
A. Supply chain
B. Vendor viability
C. Transmission control
D. Vendor policy
- ANSWER D. Vendor policy
6. A vulnerability management lead for a major company is working with various
teams to keep the company secure, but there is a significant number of legacy
systems the company worries about, so the management lead recommends
purchasing an insurance policy. What type of risk strategy is this?
A. Risk avoidance
B. Risk acceptance
C. Risk mitigation
D. Risk transference
- ANSWER D. Risk transference
7. Which risk strategy involves assigning risk to a third party, often through
purchasing an insurance policy?
A. Risk avoidance
B. Risk mitigation
C. Risk acceptance
D. Risk transference
- ANSWER D. Risk transference
8. What risk strategy involves ceasing the activity that is considered to be risk-
bearing to avoid the associated risks entirely?
A. Risk transference
B. Risk avoidance
C. Risk acceptance
D. Risk mitigation
- ANSWER B. Risk avoidance
9. Which risk strategy involves evaluating an identified risk and deciding to
continue with the activity despite the risk, accepting the potential consequences?
A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk acceptance
- ANSWER D. Risk acceptance
10. What risk strategy focuses on reducing exposure to or the effects of risk
factors, making it a central part of risk management?
A. Risk transference
B. Risk avoidance
C. Risk acceptance
D. Risk mitigation
- ANSWER D. Risk mitigation
11. A security architect for an organization is conducting an internal assessment
of current policies, processes, and procedures to ensure protection for the
business's technology and financial operations. Which of the following would be
best suited to support this assessment?
A. STAR (Security Trust and Risk)
B. SOC (System and Organization Controls)
C. ISO (International Organization for Standardization)
D. CMMC (Cybersecurity Maturity Model Certification)
- ANSWER B. SOC (System and Organization Controls)
12. Which set of standards, established by the American Institute of Certified
Public Accountants (AICPA), is used to evaluate policies, processes, and
procedures to protect technology and financial operations?
A. ISO (International Organization for Standardization)
B. SOC (System and Organization Controls)
C. STAR (Security Trust and Risk)
D. CMMC (Cybersecurity Maturity Model Certification)
- ANSWER B. SOC (System and Organization Controls)
13. What program, developed by the Cloud Security Alliance (CSA), is used to
demonstrate a cloud service provider's adherence to principles of transparency,
auditing, and best practice security operations?
A. SOC (System and Organization Controls)
B. ISO (International Organization for Standardization)
C. CMMC (Cybersecurity Maturity Model Certification)
D. STAR (Security Trust and Risk)
- ANSWER D. STAR (Security Trust and Risk)
14. Which standard is most relevant for cybersecurity audits focused on
compliance, particularly with the ISO 27k series?