WGU C725 FINAL PRACTICE EXAM |2025-2026 LATEST UPDATED | REAL EXAM AND
COMPLETE QUESTIONS AND ANSWERS | 100% RATED CORRECT | 100% VERIFIED |
ALREADY GRADED A+
1. Which groups typically report to the chief security officer (CSO)?: ✓✓✓
Security engineering and operations
2. A company is considering which controls to buy to protect an asset.
What should the price of the controls be in relation to the cost of the
asset?: ✓✓✓ Less than the annual loss expectancy
3. An employee uses a secure hashing algorithm for message integrity.
The employee sends a plain text message with the embedded hash to a
colleague. A rogue device receives and retransmits the message to its
destination. Once received and checked by the intended recipient, the
hashes do not match.
Which STRIDE concept has been violated?: ✓✓✓ Tampering
4. An attacker accesses private emails between the company's CISO and
board members. The attacker then publishes the emails online. Which type
of an attack is this, according to the STRIDE model?: ✓✓✓ Information
disclosure
5. A system data owner needs to give access to a new employee, so the
owner formally requests that the system administrator create an
account and permit the new employee to use systems necessary to
the job. Which type of control does the system administrator use to
grant these permissions?: Access
6. The chief information security officer (CISO) for an organization
knows that the organization's datacenter lacks the physical controls
needed to adequately control access to sensitive corporate systems.
The CEO, CIO, and CFO feel that the current physical access is within
a tolerable risk level, and they agree not to pay for upgrades to the
facility.
Which risk management strategy has the senior leadership decided to
employ?: Acceptance
7. Which phase of the software development life cycle follows system
design?: Development
8. Which question relates to the functional aspect of computer
security?:
Does the system do the right things in the right way?
9. Which action is an example of a loss of information integrity based on
the CIA triad?: A security engineer accidentally scrambles
information in a database.
10. What is included in quantitative risk analysis?: Risk ranking
11. What is a fundamentally objective concept in determining risk?:
Resource costs
12. Which domain of the (ISC)² Common Body of Knowledge addresses
procedures and tools that eliminate or reduce the capability to
exploit
critical information?: Operations Security