AND ANSWERS | LATEST VERSION | 2024/2025 | 100% PASS
What is the purpose of a security baseline?
✔✔ A security baseline establishes a minimum level of security for systems and applications, serving as a reference point for configuring and assessing security controls.
How can organizations benefit from implementing security frameworks like NIST or ISO 27001?
✔✔ Security frameworks provide structured approaches to managing security risks, promoting best practices, compliance, and continuous improvement in an organization’s security posture.
What is a security incident, and how is it different from a security breach?
✔✔ A security incident is any event that threatens the confidentiality, integrity, or availability of information, while a security breach specifically refers to unauthorized access to sensitive data.
What are the key elements of a comprehensive information security program?
✔✔ Key elements include risk assessment, security policies, user awareness training, incident response planning, compliance management, and continuous monitoring.
What is the purpose of conducting a business impact analysis (BIA)?
✔✔ A business impact analysis assesses the potential effects of disruptions to critical business functions, helping organizations prioritize recovery efforts and allocate resources effectively.
What is the difference between a risk assessment and a vulnerability assessment?
✔✔ A risk assessment evaluates the likelihood and impact of potential threats to assets, while a vulnerability assessment identifies weaknesses in systems that could be exploited.
How does encryption protect data at rest and in transit?
✔✔ Encryption transforms data into an unreadable format, ensuring that unauthorized users cannot access or interpret the information, whether stored (at rest) or being transmitted (in transit).
What is the role of an information security policy?
✔✔ An information security policy defines the rules and procedures for protecting an organization’s information assets, establishing accountability and guiding employee behavior.
What are the common types of access control models?
✔✔ Common access control models include discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).
What is an adversary in the context of information security?
✔✔ An adversary is an individual or group that seeks to exploit vulnerabilities to compromise the security of an information system or data.
How does multifactor authentication (MFA) enhance security?
✔✔ Multifactor authentication requires users to provide multiple forms of verification, such as passwords and biometric data, making unauthorized access significantly more difficult.
What is the significance of conducting penetration testing?
✔✔ Penetration testing simulates real-world attacks on systems to identify vulnerabilities, assess the effectiveness of security controls, and provide recommendations for improvement.
What is a security incident response team (SIRT)?
✔✔ A security incident response team (SIRT) is a group of professionals responsible for preparing for, detecting, analyzing, and responding to security incidents within an organization.
What is the purpose of a security audit?
✔✔ A security audit evaluates an organization’s security policies, practices, and controls to ensure compliance and identify areas for improvement.
What is a data retention policy, and why is it important?
✔✔ A data retention policy outlines how long an organization retains data and under what circumstances it is deleted, helping manage legal compliance and data privacy.
What are the main goals of an incident response plan?
✔✔ The main goals of an incident response plan are to minimize damage, recover quickly, ensure effective communication, and improve future responses to incidents.
How do social engineering attacks exploit human behavior?
✔✔ Social engineering attacks manipulate individuals into divulging confidential information or performing actions that compromise security, often leveraging trust and curiosity.
What is a digital certificate, and how is it used in security?
✔✔ A digital certificate is an electronic document used to prove the ownership of a public key, enabling secure communications through encryption and authentication.