Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

WGU C727 Cybersecurity Management Final Exam 2025/2026 – Verified Questions and 100% Correct Answers with Explanations

Rating
-
Sold
-
Pages
19
Grade
A+
Uploaded on
30-09-2025
Written in
2025/2026

WGU C727 Cybersecurity Management Final Exam 2025/2026 – Verified Questions and 100% Correct Answers with Explanations

Institution
WGU C727
Course
WGU C727

Content preview

WGU C727 Cybersecurity Management
Final Exam 2025/2026 – Verified Questions
and 100% Correct Answers with
Explanations
Question 1: Which of the following best defines cybersecurity risk management?

A) The process of identifying, assessing, and prioritizing risks to information assets B)
Implementing firewalls and antivirus software on all endpoints C) Conducting annual employee
training on phishing awareness D) Auditing vendor contracts for data protection clauses

A) The process of identifying, assessing, and prioritizing risks to information assets

Explanation: Cybersecurity risk management is a structured approach outlined in frameworks
like NIST SP 800-30, involving identification of threats and vulnerabilities, assessment of
potential impacts, and prioritization based on likelihood and severity. This holistic process
ensures resources are allocated effectively, unlike the more tactical options B, C, and D, which
are components but not the full definition. In practice, organizations use this to align security
with business objectives, reducing overall exposure.

Question 2: In the context of NIST Cybersecurity Framework, what is the
primary purpose of the "Identify" function?

A) To develop and implement safeguards to ensure delivery of critical services B) To understand
cybersecurity risks to organizational operations, assets, and individuals C) To improve
capabilities to detect cybersecurity events in a timely manner D) To contain the impact of
potential cybersecurity events

B) To understand cybersecurity risks to organizational operations, assets, and individuals

Explanation: The NIST CSF's "Identify" function focuses on creating an organizational
understanding of cybersecurity risk, including asset management, risk assessment, and supply
chain risk management. This foundational step informs all other functions (Protect, Detect,
Respond, Recover). Options A, C, and D correspond to Protect, Detect, and Respond functions,
respectively. Effective identification prevents reactive spending and supports strategic decision-
making in dynamic threat landscapes.

Question 3: Which ISO 27001 control category emphasizes the need for a formal
information security policy?

A) Organizational Controls B) Human Resource Security C) Physical and Environmental
Security D) Operations Security

,A) Organizational Controls

Explanation: ISO 27001's Annex A.5 (Organizational Controls) includes A.5.1.1, which
mandates a management-directed information security policy to set the tone for security
governance. This ensures alignment with business goals and compliance. Other categories
address specific areas like HR (A.7) or physical access (A.11), but the policy is organizational.
In management, this control fosters a security culture, reducing insider threats by up to 30%
according to industry studies.

Question 4: What is the main goal of a Business Impact Analysis (BIA) in
cybersecurity management?

A) To evaluate the financial cost of insurance premiums for cyber risks B) To identify critical
business functions and the potential impact of disruptions C) To rank employees by their access
levels to sensitive data D) To test the speed of network recovery after a DDoS attack

B) To identify critical business functions and the potential impact of disruptions

Explanation: A BIA, as per NIST SP 800-34, quantifies the effects of disruptions on recovery
time objectives (RTO) and recovery point objectives (RPO), prioritizing recovery efforts. It's
essential for business continuity planning. Options A, C, and D are unrelated; financial
evaluation is part of risk assessment, not BIA. In practice, BIAs help justify budgets, with mature
organizations seeing 20-50% faster recovery times post-implementation.

Question 5: Which of the following is a key principle of the CIA triad in
information security?

A) Confidentiality, Integrity, and Availability B) Cost, Implementation, and Auditing C)
Compliance, Innovation, and Adaptability D) Capacity, Integration, and Automation

A) Confidentiality, Integrity, and Availability

Explanation: The CIA triad is the foundational model for information security, ensuring data is
protected from unauthorized access (Confidentiality), unaltered (Integrity), and accessible when
needed (Availability). All modern frameworks, including ISO 27001 and NIST, build on this.
Other options are distractors; for example, C relates to governance but not core security
principles. Breaches often stem from CIA violations, costing global economies $8 trillion
annually in 2023 per Cybersecurity Ventures.

Question 6: In risk management, what does the term "inherent risk" refer to?

A) The risk level after applying controls B) The risk level before any controls or mitigations are
applied C) The risk associated with third-party vendors only D) The risk of natural disasters
impacting data centers

B) The risk level before any controls or mitigations are applied

, Explanation: Inherent risk represents the baseline exposure to threats and vulnerabilities without
safeguards, as defined in COSO and NIST frameworks. It's contrasted with residual risk (post -
controls). This distinction aids in control design. Options A (residual risk), C (supply chain risk),
and D (physical risk) are subsets or different concepts. Understanding inherent risk helps
managers allocate resources proportionally to high-exposure areas.

Question 7: Which framework is primarily used for evaluating cybersecurity
program maturity?

A) COBIT 2019 B) CIS Controls v8 C) NIST Cybersecurity Framework D) All of the above

D) All of the above

Explanation: COBIT 2019 assesses governance maturity, CIS Controls provide implementation
benchmarks, and NIST CSF uses tiers (1-4) for maturity evaluation. Each serves complementary
roles in a holistic assessment. Selecting one framework limits scope; integrated use is best
practice. Organizations at higher maturity levels report 50% fewer incidents, per Ponemon
Institute studies.

Question 8: What is the purpose of a Security Awareness Training (SAT)
program in cybersecurity management?

A) To certify employees as ethical hackers B) To reduce human-related security incidents
through education C) To automate patch management processes D) To encrypt all internal
communications

B) To reduce human-related security incidents through education

Explanation: SAT programs, mandated by standards like PCI DSS Requirement 12.6, aim to
build a human firewall by teaching phishing recognition, password hygiene, and policy
adherence. Human error causes 74% of breaches (Verizon DBIR 2023). Options A, C, and D are
technical or specialized, not broad awareness goals. Effective SAT can lower phishing success
by 40-60%.

Question 9: Which of the following is an example of a detective security control?

A) Firewall blocking unauthorized traffic B) Intrusion Detection System (IDS) alerting on
anomalies C) Multi-factor authentication (MFA) for logins D) Data encryption at rest

B) Intrusion Detection System (IDS) alerting on anomalies

Explanation: Detective controls identify incidents after occurrence, like IDS monitoring per
NIST SP 800-53 (SI-4). Preventive controls (A, C) stop threats; corrective (none here) fix issues.
Encryption (D) is preventive/confidentiality-focused. IDS integration with SIEM enhances
response, reducing mean time to detect (MTTD) to under 24 hours in mature programs.

Written for

Institution
WGU C727
Course
WGU C727

Document information

Uploaded on
September 30, 2025
Number of pages
19
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

  • wgu c727
$15.50
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
TutorRicks Chamberlain College Of Nursing
View profile
Follow You need to be logged in order to follow users or courses
Sold
325
Member since
2 year
Number of followers
50
Documents
2839
Last sold
17 hours ago

3.7

44 reviews

5
22
4
5
3
8
2
1
1
8

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions