WGU C795 Cybersecurity Management II (Tactical) OA
ACTUAL EXAM 2025/2026 COMPLETE QUESTIONS
Name examples of security testing.
Answer: Automated scans, tool-assisted penetration tests, and manual attempts to undermine security.
What is the difference between a security assessment and a security test?
Answer: Security assessments include the use of security testing tools but go beyond with a thoughtful review of the threat environment, current and future risks, and the value of the targeted environment.
What is an audit?
Answer: Evaluations performed with the purpose of demonstrating the effectiveness of controls to a third party.
What is a common framework for conducting audits and assessments?
Answer: Control Objectives for Information and related Technologies (COBIT)
What is a code review?
Answer: Developers other than the one who wrote the code review it for defects; also known as a peer review.
What are clipping levels?
Answer: Establishes a baseline violation count to ignore normal user errors; a threshold for normal mistakes a user may commit before investigation or notification begins.
What is a vulnerability?
Answer: A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
What is a penetration test?
Answer: A simulated cyber attack against your systems or company.
What are the typical steps for a vulnerability test?
Answer: Identify asset classification list, identify vulnerabilities, test assets against vulnerabilities, and recommend solutions to either eliminate or mitigate vulnerabilities.
What is the first thing an organization should do before defining security requirements?
Answer: To define security requirements, first an organization must define its risk appetite.
What is defense in depth?
Answer: Defense-in-depth principle; it is by adding relevant layers of controls (e.g., access control, encryption, and monitoring) that the expected level of protection is achieved.
What are COTS applications?
Answer: Applications developed by vendors and installed on the organization's information systems. These applications are usually purchased outright by organizations with usage based on licensing agreements.
What are SaaS applications?
Answer: Applications developed by service providers or vendors and installed on the provider or vendor information system. Organizations typically have on-demand or pay-per-usage metrics.