WGU C795 CYBERSECURITY MANAGEMENT FINAL STANDARD SET WITH CORRECT SOLUTIONS EXAM 2026
__________ provide the detailed steps needed to carry out ___________.
Procedures, policies
A __________ grants the authority to perform an action on a system. A __________
grants access to a resource.
right, permission
A business continuity plan (BCP) is an example of a(n):
security plan
A hacker wants to launch an attack on an organization. The hacker uses a tool to
capture data sent over the network in cleartext, hoping to gather information that will
help make the attack successful. What tool is the hacker using?
a packet analyzer
A threat is any activity that represents a possible danger, which includes any
circumstances or events with the potential to cause an adverse impact on all of the
following, except:
assessments
A(n) ____________ assessment attempts to identify vulnerabilities that can be
exploited.
A. risk
B. threat
C. vulnerability
D. exploit
D. exploit
An access control such as a firewall or intrusion prevention system cannot protect
against which of the following?
Social engineering
Another term for data range and reasonableness checks is:
input validation
Background checks, software testing, and awareness training are all categories of:
procedural controls.
Bill is a security professional. He is in a meeting with co-workers and describes a
system that will make web sessions more secure. He says when a user connects to the
web server and starts a secure session, the server sends a certificate to the user. The
certificate includes a public key. The user can encrypt data with the public key and send
it to the server. Because the server holds the private key, it can decrypt the data.
Because no other entity has the private key, no one else can decrypt the data. What is
Bill describing?
A. Public key infrastructure (PKI)
B. Certificate authority (CA)
C. A hashing algorithm
D. A digital signature
A. Public key infrastructure (PKI)
Bonding is a type of __________ that covers against losses by theft, fraud, or
dishonesty.
Insurance
Complete the equation for the relationship between risk, vulnerabilities, and threats:
Risk equals:
Vulnerability × Threat
Functionality testing is primarily used with:
Software Development
Ideally, when should you perform threat modeling?
A. After writing an application or deploying a system
B. Before writing an application, but after deploying a system
C. After writing an application, but before deploying a system
D. Before writing an application or deploying a system
D. Before writing an application or deploying a system
In a SQL injection attack, an attacker can:
read sections of a database or a whole database without authorization.
Piggybacking is also known as:
A. tailgating.
B. a mantrap.
C. social engineering.
D. shoulder surfing.
A. tailgating.
Primary considerations for assessing threats based on historical data in your local area
are __________ and ___________.
A. property value, insurance
B. weather conditions, natural disasters
C. historical data, threat modeling
D. crime statistics, flood frequency
B. weather conditions, natural disasters
Purchasing insurance is the primary way for an organization to __________ or
___________ risk.
A. transfer, accept
B. mitigate, accept
C. share, transfer
D. accept, share
C. share, transfer
Some controls are identified based on the function they perform. What are the broad
classes of controls based on function?
Preventative, detective, corrective
System logs and audit trails are a type of ________ control.
A. physical
B. corrective
C. technical
D. procedural
C. technical
The actual methods used to protect against data loss are __________ controls, but the
program that identifies which data to protect is a ___________ control.
technical, procedural
The National Institute of Standards and Technology (NIST) publishes SP 800-53. This
document describes a variety of IT security controls, such as access control, incident
response, and configuration management. Controls are grouped into families. Which
NIST control family helps an organization recover from failures and disasters?
Contingency Planning (CP)
To _________ risk means to reduce or neutralize threats or vulnerabilities to an
acceptable level.
Mitigate
What changes plaintext data to ciphered data?
encryption
What characteristic is common to risk assessments and threat assessments?
They are both performed for a specific time.
What does the principle of least privilege have in common with the principle of need to
know?