WGU C795 Cybersecurity Management II –
Tactical OA ACTUAL EXAM STUDY GUIDE
2026 COMPLETE QUESTIONS WITH CORRECT
DETAILED ANSWERS ||
100% GUARANTEED PASS
<RECENT VERSION>
1. A company's main asset is a physical working prototype stored in the
research and development department. The prototype is not currently
connected to the company's network.
Which privileged user activity should be monitored?
a. Accessing camera logs
b. Adding accounts to the administrator group
c. Running scripts in PowerShell
d. Disabling host firewall - ANSWER a
2. A company performs a data audit on its critical information every six
months. Company policy states that the audit cannot be conducted by the
same employee within a two-year time frame.
Which principle is this company following?
, a. Job rotation
b. Two person control
c. Least privilege
d. Need to know - ANSWER a
3. A user is granted access to restricted and classified information but is
supplied only with the information for a current assignment.
Which type of authorization mechanism is being applied in this scenario?
a. Need to know
b. Constrained interface
c. Duty separation
d Access control list - ANSWER a
4. Which two data recovery components will back up a file and change the
archive bit to 0?
Choose 2 answers.
a. Full backup
b. Differential backup
c. Incremental backup
d. Copy backup - ANSWER a, c
,5. A security analyst observes that an unauthorized user has logged in to the
network and tried to access an application with failed password attempts.
Which defense-in-depth tactic should the security analyst use to see other
activities this user has attempted?
a. Brute-force attack the application to see if a user can get in
b. Check application logs for events and errors caused by the user
c. Use a packet sniffer to analyze the network traffic
d. Use SIEM to collect logs and look at the aggregate data - ANSWER d
6. A company is concerned about unneeded network protocols being available
on the network.
Which two defense-in-depth practices should the company implement to
detect whether FTP is being used?
Choose 2 answers.
a. Install BIOS firmware updates
b. Perform automated packet scanning
c. Implement application firewalls
d. Physically segment the network - ANSWER b, c
7. A combined mail server and calendaring server environment contains no
SSL certificate. Which security principle of the CIA triad is affected by the
lack of an SSL certificate?
, Confidentiality
Integrity
Authentication
Availability - ANSWER confidentiality
8. A company does not have a DRP and suffers a multiday power outage.
Which provisioning should the company perform to provide stable power for
a long period of time?
Purchase generators
Purchase additional servers
Create a RAID array
Create a failover cluster - ANSWER Purchase generators
9. A company is moving its database backups from an off-site location to an
alternate processing site warehouse using bulk transfers. Which type of
database recovery is this company employing?
Electronic vaulting
Remote journaling
Remote mirroring
Mutual assistance - ANSWER Electronic vaulting
A storage scenario in which database backups are transferred to a remote site
in a bulk transfer fashion. The remote location may be a dedicated
alternative recovery site (such as a hot site) or simply an offsite location
Tactical OA ACTUAL EXAM STUDY GUIDE
2026 COMPLETE QUESTIONS WITH CORRECT
DETAILED ANSWERS ||
100% GUARANTEED PASS
<RECENT VERSION>
1. A company's main asset is a physical working prototype stored in the
research and development department. The prototype is not currently
connected to the company's network.
Which privileged user activity should be monitored?
a. Accessing camera logs
b. Adding accounts to the administrator group
c. Running scripts in PowerShell
d. Disabling host firewall - ANSWER a
2. A company performs a data audit on its critical information every six
months. Company policy states that the audit cannot be conducted by the
same employee within a two-year time frame.
Which principle is this company following?
, a. Job rotation
b. Two person control
c. Least privilege
d. Need to know - ANSWER a
3. A user is granted access to restricted and classified information but is
supplied only with the information for a current assignment.
Which type of authorization mechanism is being applied in this scenario?
a. Need to know
b. Constrained interface
c. Duty separation
d Access control list - ANSWER a
4. Which two data recovery components will back up a file and change the
archive bit to 0?
Choose 2 answers.
a. Full backup
b. Differential backup
c. Incremental backup
d. Copy backup - ANSWER a, c
,5. A security analyst observes that an unauthorized user has logged in to the
network and tried to access an application with failed password attempts.
Which defense-in-depth tactic should the security analyst use to see other
activities this user has attempted?
a. Brute-force attack the application to see if a user can get in
b. Check application logs for events and errors caused by the user
c. Use a packet sniffer to analyze the network traffic
d. Use SIEM to collect logs and look at the aggregate data - ANSWER d
6. A company is concerned about unneeded network protocols being available
on the network.
Which two defense-in-depth practices should the company implement to
detect whether FTP is being used?
Choose 2 answers.
a. Install BIOS firmware updates
b. Perform automated packet scanning
c. Implement application firewalls
d. Physically segment the network - ANSWER b, c
7. A combined mail server and calendaring server environment contains no
SSL certificate. Which security principle of the CIA triad is affected by the
lack of an SSL certificate?
, Confidentiality
Integrity
Authentication
Availability - ANSWER confidentiality
8. A company does not have a DRP and suffers a multiday power outage.
Which provisioning should the company perform to provide stable power for
a long period of time?
Purchase generators
Purchase additional servers
Create a RAID array
Create a failover cluster - ANSWER Purchase generators
9. A company is moving its database backups from an off-site location to an
alternate processing site warehouse using bulk transfers. Which type of
database recovery is this company employing?
Electronic vaulting
Remote journaling
Remote mirroring
Mutual assistance - ANSWER Electronic vaulting
A storage scenario in which database backups are transferred to a remote site
in a bulk transfer fashion. The remote location may be a dedicated
alternative recovery site (such as a hot site) or simply an offsite location
