Exam (elaborations)

WGU D488 OA EXAM BANK 2025/2026 | ACCURATE REAL EXAM QUESTIONS AND ANSWERS WITH DETAILED RATIONALES | EXPERT VERIFIED FOR GUARANTEED PASS | LATEST UPDATE | STUDY GUIDE AND INSTRUCTOR NOTES INCLUDED TOO

Pages: 186
Grade: A+
Uploaded on: 15-09-2025
Written in: 2025/2026

Institution: WGU D488
Course: WGU D488

Content preview

On a shopping website, there is a 500-millisecond delay when the authorized payment button is
selected for purchases. Attackers have been running a script to alter the final payment that takes
200 milliseconds. Which vulnerability on the website is being targeted by the attackers?
A - Buffer Overflow
B - Integer Overflow
C - Broken Authentication
D - Race Condition

D - Race Condition

A race condition occurs when multiple processes or actions are executed simultaneously, and the
outcome depends on the sequence or timing of events.

A company wants to provide laptops to its employees so they can work remotely. What should be
implemented to ensure only work applications can be installed on company laptops?
A - Containerization
B - Token-based access
C - Patch repository
D - Whitelisting

D - Whitelisting

Whitelisting ensures that only approved applications can be installed and executed on company
laptops.

What should a business use to provide non-repudiation for emails between employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec
C - S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME provides non-repudiation for emails by using digital signatures.


DR MEDINA REED

Which strategy is appropriate for a risk management team to determine if a business has
insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment

B - Gap assessment

A gap assessment identifies the gaps between the current security controls and the desired or
required levels of security.

An organization has leased office space that is suitable for its computer equipment so personnel
and systems can be relocated if the main office location is unavailable. It currently has some
equipment. Which type of site is the organization using?
A - Cold site
B - Warm site
C - Hot site
D - Mobile site

B - Warm site

A warm site is a disaster recovery site that provides a partially equipped facility that can be used
to restore critical operations faster than having no equipment at all.

A risk assessment consultant is discussing segmentation options with a client. What are a few
standard options the consultant could offer? Select the best 2 answers.
A - VLANs
B - Transmission Control
C - Physical
D - Access control lists

A & C; VLANs & Physical

A network device can perform segmentation logically, for example, by implementing virtual local
area networks (VLANs). An attacker who gains access to a trunk port, where all VLANs can talk,
can bypass VLANs.

Physical segmentation is another type of segmentation, more commonly found in industrial
control systems (ICS) and supervisory control and data acquisition (SCADA) networks, where,
traditionally, there is an IT network and an OT (operational technology) network.

Transmission control is not a type of segmentation. Transmission control defines how a system
protects communication channels from infiltration, exploitation, and interception.

Access control lists (ACLs) are used to define permissions on a network, file, or object. While
they can restrict access to resources, they do not segment a network in the same way as VLANs
or physical segmentation.

A disaster recovery manager wants to perform a qualitative analysis on intangible assets but is
unsure how to perform the calculations. Which departments should the manager bring on to help
determine metrics? Select 3 answers.
A - Marketing
B - Sales
C - Human Resources
D - Communications

A, B & D; Marketing, Sales, and Communications

Marketing is one of the departments that should help the manager with the metrics. Qualitative
risk assessment is well-suited to the analysis of intangible assets, for example, an organization's
reputation or brand image.

Sales is another department brought on to assist the manager with metrics. These groups are best-
suited to provide input based on their unique insights.

Communications is another department that can help the manager assess the value of many
intangible business assets and the impacts that various risk events can have on them.

The Human Resources department does not necessarily need to participate in an intangible metric
discussion.

A security analyst is performing a security assessment and is recommending ways to manage risk
relating to personnel. Which of the following should the analyst recommend? Select 3 answers.
A - Mandatory vacation
B - Least privilege
C - Email protection
D - Auditing requirements

A, B & D; Mandatory Vacation, Least Privilege, and Auditing Requirements

Mandatory vacation is one way of helping to manage personnel risk. An administrator forces
employees to take their vacation time, during which someone else fulfills their duties.

The principle of least privilege is a practice in which an administrator only gives users account
privileges they need to perform their duties. This practice serves in various capacities, such as
helping against both insider threats and compromised accounts.

Auditing requirements describe the capability for auditing account creation, modification,
deletion, and account activity for all accounts. Auditing is a way to help manage personnel risk.

Email protection is a technical control, although it does help to safeguard against attacks against
personnel.

A security engineer is considering moving his organization's IT services to the cloud but is
concerned whether the vendor they are considering will be in business on an ongoing basis. What
type of vendor assessment is this?
A - Vendor viability
B - Source code escrow
C - Vendor lock-in
D - Vendor lockout

A - Vendor Viability

Vendor viability considers whether a vendor will remain in business on an ongoing basis, has a
viable and in-demand product, and has the financial means to stay afloat.

Source code escrow is a copy of vendor-developed source code provided to a trusted third party
in case a vendor ceases business.

Vendor lock-in occurs when a customer is completely dependent on a vendor for products or
services, as switching is either impossible or would result in substantial complexity and costs.

Vendor lockout occurs when a vendor develops its product in such a way that makes it inoperable
with other products, and the ability to integrate it with other vendor products is not a feasible
option, or it does not exist.

A security manager is standing up a risk management program at a company. What should the
security manager set up that might be considered the most recognized output?
A - Processes
B - Key Performance Indicators
C - Key Risk Indicators
D - Risk Register

D - Risk Register

The risk register can be the most recognized output of the risk management program. It includes

