Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

WGU C727 Cybersecurity Management Final Exam 2025/2026 – Verified Questions and 100% Correct Answers with Explanations

Puntuación
-
Vendido
-
Páginas
19
Grado
A+
Subido en
30-09-2025
Escrito en
2025/2026

WGU C727 Cybersecurity Management Final Exam 2025/2026 – Verified Questions and 100% Correct Answers with Explanations

Institución
WGU C727
Grado
WGU C727

Vista previa del contenido

WGU C727 Cybersecurity Management
Final Exam 2025/2026 – Verified Questions
and 100% Correct Answers with
Explanations
Question 1: Which of the following best defines cybersecurity risk management?

A) The process of identifying, assessing, and prioritizing risks to information assets B)
Implementing firewalls and antivirus software on all endpoints C) Conducting annual employee
training on phishing awareness D) Auditing vendor contracts for data protection clauses

A) The process of identifying, assessing, and prioritizing risks to information assets

Explanation: Cybersecurity risk management is a structured approach outlined in frameworks
like NIST SP 800-30, involving identification of threats and vulnerabilities, assessment of
potential impacts, and prioritization based on likelihood and severity. This holistic process
ensures resources are allocated effectively, unlike the more tactical options B, C, and D, which
are components but not the full definition. In practice, organizations use this to align security
with business objectives, reducing overall exposure.

Question 2: In the context of NIST Cybersecurity Framework, what is the
primary purpose of the "Identify" function?

A) To develop and implement safeguards to ensure delivery of critical services B) To understand
cybersecurity risks to organizational operations, assets, and individuals C) To improve
capabilities to detect cybersecurity events in a timely manner D) To contain the impact of
potential cybersecurity events

B) To understand cybersecurity risks to organizational operations, assets, and individuals

Explanation: The NIST CSF's "Identify" function focuses on creating an organizational
understanding of cybersecurity risk, including asset management, risk assessment, and supply
chain risk management. This foundational step informs all other functions (Protect, Detect,
Respond, Recover). Options A, C, and D correspond to Protect, Detect, and Respond functions,
respectively. Effective identification prevents reactive spending and supports strategic decision-
making in dynamic threat landscapes.

Question 3: Which ISO 27001 control category emphasizes the need for a formal
information security policy?

A) Organizational Controls B) Human Resource Security C) Physical and Environmental
Security D) Operations Security

,A) Organizational Controls

Explanation: ISO 27001's Annex A.5 (Organizational Controls) includes A.5.1.1, which
mandates a management-directed information security policy to set the tone for security
governance. This ensures alignment with business goals and compliance. Other categories
address specific areas like HR (A.7) or physical access (A.11), but the policy is organizational.
In management, this control fosters a security culture, reducing insider threats by up to 30%
according to industry studies.

Question 4: What is the main goal of a Business Impact Analysis (BIA) in
cybersecurity management?

A) To evaluate the financial cost of insurance premiums for cyber risks B) To identify critical
business functions and the potential impact of disruptions C) To rank employees by their access
levels to sensitive data D) To test the speed of network recovery after a DDoS attack

B) To identify critical business functions and the potential impact of disruptions

Explanation: A BIA, as per NIST SP 800-34, quantifies the effects of disruptions on recovery
time objectives (RTO) and recovery point objectives (RPO), prioritizing recovery efforts. It's
essential for business continuity planning. Options A, C, and D are unrelated; financial
evaluation is part of risk assessment, not BIA. In practice, BIAs help justify budgets, with mature
organizations seeing 20-50% faster recovery times post-implementation.

Question 5: Which of the following is a key principle of the CIA triad in
information security?

A) Confidentiality, Integrity, and Availability B) Cost, Implementation, and Auditing C)
Compliance, Innovation, and Adaptability D) Capacity, Integration, and Automation

A) Confidentiality, Integrity, and Availability

Explanation: The CIA triad is the foundational model for information security, ensuring data is
protected from unauthorized access (Confidentiality), unaltered (Integrity), and accessible when
needed (Availability). All modern frameworks, including ISO 27001 and NIST, build on this.
Other options are distractors; for example, C relates to governance but not core security
principles. Breaches often stem from CIA violations, costing global economies $8 trillion
annually in 2023 per Cybersecurity Ventures.

Question 6: In risk management, what does the term "inherent risk" refer to?

A) The risk level after applying controls B) The risk level before any controls or mitigations are
applied C) The risk associated with third-party vendors only D) The risk of natural disasters
impacting data centers

B) The risk level before any controls or mitigations are applied

, Explanation: Inherent risk represents the baseline exposure to threats and vulnerabilities without
safeguards, as defined in COSO and NIST frameworks. It's contrasted with residual risk (post -
controls). This distinction aids in control design. Options A (residual risk), C (supply chain risk),
and D (physical risk) are subsets or different concepts. Understanding inherent risk helps
managers allocate resources proportionally to high-exposure areas.

Question 7: Which framework is primarily used for evaluating cybersecurity
program maturity?

A) COBIT 2019 B) CIS Controls v8 C) NIST Cybersecurity Framework D) All of the above

D) All of the above

Explanation: COBIT 2019 assesses governance maturity, CIS Controls provide implementation
benchmarks, and NIST CSF uses tiers (1-4) for maturity evaluation. Each serves complementary
roles in a holistic assessment. Selecting one framework limits scope; integrated use is best
practice. Organizations at higher maturity levels report 50% fewer incidents, per Ponemon
Institute studies.

Question 8: What is the purpose of a Security Awareness Training (SAT)
program in cybersecurity management?

A) To certify employees as ethical hackers B) To reduce human-related security incidents
through education C) To automate patch management processes D) To encrypt all internal
communications

B) To reduce human-related security incidents through education

Explanation: SAT programs, mandated by standards like PCI DSS Requirement 12.6, aim to
build a human firewall by teaching phishing recognition, password hygiene, and policy
adherence. Human error causes 74% of breaches (Verizon DBIR 2023). Options A, C, and D are
technical or specialized, not broad awareness goals. Effective SAT can lower phishing success
by 40-60%.

Question 9: Which of the following is an example of a detective security control?

A) Firewall blocking unauthorized traffic B) Intrusion Detection System (IDS) alerting on
anomalies C) Multi-factor authentication (MFA) for logins D) Data encryption at rest

B) Intrusion Detection System (IDS) alerting on anomalies

Explanation: Detective controls identify incidents after occurrence, like IDS monitoring per
NIST SP 800-53 (SI-4). Preventive controls (A, C) stop threats; corrective (none here) fix issues.
Encryption (D) is preventive/confidentiality-focused. IDS integration with SIEM enhances
response, reducing mean time to detect (MTTD) to under 24 hours in mature programs.

Escuela, estudio y materia

Institución
WGU C727
Grado
WGU C727

Información del documento

Subido en
30 de septiembre de 2025
Número de páginas
19
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

  • wgu c727
$15.50
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
TutorRicks Chamberlain College Of Nursing
Ver perfil
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
325
Miembro desde
2 año
Número de seguidores
50
Documentos
2839
Última venta
17 horas hace

3.7

44 reseñas

5
22
4
5
3
8
2
1
1
8

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes