WGU C954 IT Management Objective Assessment | OA Score
1. Multiple organizations operating in the same vertical want to provide seamless
wireless access for their employees as they visit the other organizations. Which of
the following should be implemented if all the organizations use the native 802.1x
client on their mobile devices?
OAuth
RADIUS federation
OpenID Connect
SAML - Security Assertion Markup Language
Shibboleth
2. Describe how vishing can lead to identity theft.
Vishing is a method of securing personal information through phone calls.
Vishing is unrelated to identity theft and focuses on email scams.
Vishing involves deceiving individuals over the phone to obtain
personal information, which can then be used for identity theft.
Vishing is a technique used to protect against identity theft.
3. Describe the motivations behind a competitor acting as a threat actor in the
context of corporate espionage.
A competitor seeks to steal proprietary information to gain a market
edge and reduce time to market.
A competitor aims to disrupt operations without financial gain.
A competitor focuses on publicizing vulnerabilities for social change.
A competitor primarily targets internal systems for personal revenge.
4. In which of the following is the cloud infrastructure shared among several
organizations from a specific group with common computing needs?
private cloud
community cloud
hybrid cloud
public cloud
5. Describe how MD5 values contribute to software security when downloading
patches.
MD5 values confirm the identity of the vendor providing the patch.
MD5 values help ensure that the software patch has not been altered or
corrupted during the download process.
MD5 values allow users to track changes in software versions.
MD5 values are used to encrypt the software patch.
6. What is the term used when a company purchases insurance to cover potential
losses?
Transferring the risk
Avoiding the risk
Migrating the risk
Accepting the risk
7. Which of the following applies to a collection of intermediary compromised
systems that can be used as a platform for a DDoS attack?
Intranet
Extranet
Botnet
Honeynet
8. Describe how spear phishing is distinct from regular phishing in terms of its
approach and target.
Spear phishing uses malware, while regular phishing does not.
Spear phishing is less harmful than regular phishing.
Spear phishing is only conducted through social media, while regular
phishing is done via email.
Spear phishing is distinct from regular phishing because it targets
specific individuals or organizations with personalized messages,
whereas regular phishing casts a wider net with generic messages.
9. If a company experiences a DDoS attack, what immediate action should the IT
team take to mitigate the impact on data availability?
Implement traffic filtering and rate limiting measures.
Change all user passwords immediately.
Disable all external network connections.
Upgrade the network hardware to increase capacity.
10. Amanda wants to allow users from other organizations to log in to her wireless
network. What technology would allow her to do this using their own home
organization's credentials?
OpenID Connect
Preshared keys
RADIUS federation
802.11q
11. What does IPS stand for in the context of network security?
Information Protection System
Internet Protocol Suite
Intrusion Prevention System
Internal Protocol Security
12. The core difference between phishing and spear-phishing is:
Phishing is an outside attack; spear-phishing is an internal security check.
Phishing attacks via email, spear-phishing attacks via infected webpages.
Phishing attacks via email, spear-phishing attacks via social media.
Spear-phishing has more specific targets than phishing.
Anti-virus software prevents phishing but not spear-phishing.
13. A security consultant is asked to assess a company by gathering any information
they could by only using social media and any information that could be found
on public record. Which of these actions is the consultant being asked to
perform?
White box testing
URL hijacking
Reconnaissance
Escalation of privilege
14. Which two technical controls are specifically designed to prevent users from
reusing old passwords?
Password expiration, Password length
Password lockout, Password length
Password complexity, Password expiration