WGU C725 INFORMATION SECURITY AND ASSURANCE –
(QBANK) QUESTIONS WITH SOLUTIONS (100%)
Which two passwords are the weakest?
A. Pa$$w0Rd%^78
B. Love@$MySon80
C. C@1Il@VEm1
D. Password1234 Right Ans - BD
Which two secure methods should be used to keep track of passwords?
A. Encrypt text files of them on the user's workstation
B. Store them on a sticky note in a convenient spot
C. Share them with a trusted manager or coworker
D. Organization-approved password storage software Right Ans - AD
Which groups typically report to the chief security officer (CSO)?
A. Security engineering and operations
B. Physical and software security
C. Audit and incident response
D. Facilities and information technology functions Right Ans - A
A company is considering which controls to buy to protect an asset.
What should the price of the controls be in relation to the cost of the asset?
A. Less than the annual loss expectancy
B. More than the annual loss expectancy
C. Equal to the cost of the asset
D. More than the cost of the asset Right Ans - A
How many keys are used in asymmetric encryption?
A. No keys are used to encrypt and decrypt a message.
B. One key is used to encrypt and decrypt a message.
C. Two keys are used to encrypt and decrypt a message.
,D. Three keys are used to encrypt and decrypt a message. Right Ans - C
Which protocol is a variant of a standard web transfer protocol that adds a
layer of security on the data in transit using a secure socket layer?
A. HTTPS
B. HTTP
C. FTP
D. SFTP Right Ans - A
Which description characterizes symmetric cryptography?
A. The same key is used to lock and unlock the cipher.
B. Two separate but unrelated keys are used to unlock the cipher.
C. Two separate and related keys are used to unlock the cipher.
D. Keys are unnecessary when using symmetric cryptography to unlock a
cipher. Right Ans - A
An employee uses a secure hashing algorithm for message integrity. The
employee sends a plain text message with the embedded hash to a colleague.
A rogue device receives and retransmits the message to its destination. Once
received and checked by the intended recipient, the hashes do not match.
Which STRIDE concept has been violated?
A. Tampering
B. Repudiation
C. Elevation of privilege
D. Denial-of-service Right Ans - A
An attacker accesses private emails between the company's CISO and board
members. The attacker then publishes the emails online.
Which type of an attack is this, according to the STRIDE model?
A. Repudiation
B. Information disclosure
C. Elevation of privilege
D. Tampering Right Ans - B
,A security guard at the front desk of a building checks every employee's name
badge with their photo before they are allowed in the building.
Which two factors have been checked to verify identity?
A. Something you have, something you are
B. Something you have, something you know
C. Something you know, where you are at
D. Where you are at, something you are Right Ans - A
A system data owner needs to give access to a new employee, so the owner
formally requests that the system administrator create an account and permit
the new employee to use systems necessary to the job.
Which type of control does the system administrator use to grant these
permissions?
A. Physical
B. Protocol
C. Access
D. Firewall Right Ans - C
The chief information security officer (CISO) for an organization knows that
the organization's datacenter lacks the physical controls needed to adequately
control access to sensitive corporate systems. The CEO, CIO, and CFO feel that
the current physical access is within a tolerable risk level, and they agree not
to pay for upgrades to the facility.
Which risk management strategy has the senior leadership decided to
employ?
A. Deterrence
B. Assignment
C. Acceptance
D. Avoidance Right Ans - C
Which phase of the software development life cycle follows system design?
A. System requirements
, B. Development
C. Testing
D. Deployment Right Ans - B
Which question relates to the functional aspect of computer security?
A. Does the system do the right things in the right way?
B. Does the security staff do the right job in the right way?
C. Does the system do the right things in the wrong way?
D. Does the security staff do the right job in the wrong way? Right Ans - A
Which leg of the CIA triad is addressed when a business contracts with a cloud
vendor to backup its information?
A. Information
B. Availability
C. Integrity
D. Confidentiality Right Ans - B
Which action is an example of a loss of information integrity based on the CIA
triad?
A. A system administrator uses another administrator's password without
request.
B. A security engineer accidentally scrambles information in a database.
C. A help desk employee verifies customers' identities before changing
passwords.
D. A help desk employee refuses to share an employee's information with a
partner. Right Ans - B
What is included in quantitative risk analysis?
A. Risk ranking
B. Risk mitigation
C. Risk transfer
D. Risk insurance Right Ans - A
What is a fundamentally objective concept in determining risk?
(QBANK) QUESTIONS WITH SOLUTIONS (100%)
Which two passwords are the weakest?
A. Pa$$w0Rd%^78
B. Love@$MySon80
C. C@1Il@VEm1
D. Password1234 Right Ans - BD
Which two secure methods should be used to keep track of passwords?
A. Encrypt text files of them on the user's workstation
B. Store them on a sticky note in a convenient spot
C. Share them with a trusted manager or coworker
D. Organization-approved password storage software Right Ans - AD
Which groups typically report to the chief security officer (CSO)?
A. Security engineering and operations
B. Physical and software security
C. Audit and incident response
D. Facilities and information technology functions Right Ans - A
A company is considering which controls to buy to protect an asset.
What should the price of the controls be in relation to the cost of the asset?
A. Less than the annual loss expectancy
B. More than the annual loss expectancy
C. Equal to the cost of the asset
D. More than the cost of the asset Right Ans - A
How many keys are used in asymmetric encryption?
A. No keys are used to encrypt and decrypt a message.
B. One key is used to encrypt and decrypt a message.
C. Two keys are used to encrypt and decrypt a message.
,D. Three keys are used to encrypt and decrypt a message. Right Ans - C
Which protocol is a variant of a standard web transfer protocol that adds a
layer of security on the data in transit using a secure socket layer?
A. HTTPS
B. HTTP
C. FTP
D. SFTP Right Ans - A
Which description characterizes symmetric cryptography?
A. The same key is used to lock and unlock the cipher.
B. Two separate but unrelated keys are used to unlock the cipher.
C. Two separate and related keys are used to unlock the cipher.
D. Keys are unnecessary when using symmetric cryptography to unlock a
cipher. Right Ans - A
An employee uses a secure hashing algorithm for message integrity. The
employee sends a plain text message with the embedded hash to a colleague.
A rogue device receives and retransmits the message to its destination. Once
received and checked by the intended recipient, the hashes do not match.
Which STRIDE concept has been violated?
A. Tampering
B. Repudiation
C. Elevation of privilege
D. Denial-of-service Right Ans - A
An attacker accesses private emails between the company's CISO and board
members. The attacker then publishes the emails online.
Which type of an attack is this, according to the STRIDE model?
A. Repudiation
B. Information disclosure
C. Elevation of privilege
D. Tampering Right Ans - B
,A security guard at the front desk of a building checks every employee's name
badge with their photo before they are allowed in the building.
Which two factors have been checked to verify identity?
A. Something you have, something you are
B. Something you have, something you know
C. Something you know, where you are at
D. Where you are at, something you are Right Ans - A
A system data owner needs to give access to a new employee, so the owner
formally requests that the system administrator create an account and permit
the new employee to use systems necessary to the job.
Which type of control does the system administrator use to grant these
permissions?
A. Physical
B. Protocol
C. Access
D. Firewall Right Ans - C
The chief information security officer (CISO) for an organization knows that
the organization's datacenter lacks the physical controls needed to adequately
control access to sensitive corporate systems. The CEO, CIO, and CFO feel that
the current physical access is within a tolerable risk level, and they agree not
to pay for upgrades to the facility.
Which risk management strategy has the senior leadership decided to
employ?
A. Deterrence
B. Assignment
C. Acceptance
D. Avoidance Right Ans - C
Which phase of the software development life cycle follows system design?
A. System requirements
, B. Development
C. Testing
D. Deployment Right Ans - B
Which question relates to the functional aspect of computer security?
A. Does the system do the right things in the right way?
B. Does the security staff do the right job in the right way?
C. Does the system do the right things in the wrong way?
D. Does the security staff do the right job in the wrong way? Right Ans - A
Which leg of the CIA triad is addressed when a business contracts with a cloud
vendor to backup its information?
A. Information
B. Availability
C. Integrity
D. Confidentiality Right Ans - B
Which action is an example of a loss of information integrity based on the CIA
triad?
A. A system administrator uses another administrator's password without
request.
B. A security engineer accidentally scrambles information in a database.
C. A help desk employee verifies customers' identities before changing
passwords.
D. A help desk employee refuses to share an employee's information with a
partner. Right Ans - B
What is included in quantitative risk analysis?
A. Risk ranking
B. Risk mitigation
C. Risk transfer
D. Risk insurance Right Ans - A
What is a fundamentally objective concept in determining risk?
