WGU D333 ETHICAL ISSUES IN DATA
EXAM QUESTIONS AND ANSWERS.
VERIFIED 2025/2026.
A police department employee has access to data related to an ongoing investigation. A local
politician whom the employee supports has come under investigation. The employee accesses
the data relating to the investigation and provides the file to the politician anonymously. How
should this behavior be classified? - ANS Corruption
An IT manager implements security measures at the organization, network, application, and
employee levels. Which approach to security is the manager using? - ANS Layered Security
A new startup tech company plans to provide secure wireless access within its office for
employees and other trusted visitors. The company has concerns about competitors
eavesdropping or compromising the connections and obtaining unauthorized access to the
company's intellectual property. The company is considering using Wireless Protected Access 2
(WPA2) to secure data in transit. Which protocol does this wireless protection implement? -
ANS AES (Advanced Encryption Standard)
A Federal Bureau of Investigation (FBI) agent monitors a telephone conversation between a 12-
year-old child and the child's stepfather. The monitoring is part of a criminal investigation. A
warrant was not obtained prior to commencement of the monitoring. Which law or regulation
did the agent violate? - ANS Wiretap Act
A U.S. company launched an e-commerce platform in the European Union (EU). The board of
directors raised concerns about compliance with applicable privacy regulations and the
collection of customer information. Which regulation applies to this scenario? - ANS General
Data Protection Regulation (GDPR)
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, A social media website collected personal information about consumers when they subscribed
to the service. Subscribers opted in or out before creating their online profiles. Which European
Union Data Protection Directive did the website follow? - ANS Choice
A company is engaged as a third party to perform debt collection on behalf of a
telecommunications provider. The company operates an outbound call center to contact
debtors and set up payment arrangements. The company needs to ensure that the debtors'
data privacy is not at risk. Which two areas should the company ensure are properly managed? -
ANS Network Security // Insider Access
A company is using software to track workforce operational activity. Management
communicates that the data collected will be treated as sensitive. Administrative and technical
security measures are put in place to protect employee data. These measures include
periodically culling records that are no longer relevant. Which additional measure should be
taken to safeguard employee data from misuse? - ANS Limit who can view employee data
A retail company experiences a data breach. Customer data is stolen, including credit card
numbers, names, addresses, and account passwords. The attackers have amassed enough
combinations of personally identifiable information (PII) to commit identity theft. Which
adverse impacts, in addition to the loss of business, does the company face? -
ANS Reputational damage and the need to provide support for victims.
An attending physician at a local hospital receives an email with a link that appears to be from a
neighboring clinic. When the physician clicks the link, computers throughout the hospital freeze,
and patient information can no longer be accessed. A message appears demanding payment of
five bitcoins within 48 hours to decrypt the hospital database and threatening that without
payment, all information will be deleted. Which type of exploit is this? - ANS Ransomware
What is the cause of the rise in computer-related security issues, particularly among small- and
medium-sized businesses? - ANS Bring Your Own Device (BYOD) Policies
A company is notified of a breach of its systems. An investigation reveals that although no
financial information was taken, the customer records for all its customers, including names,
email addresses, and passwords, may have been taken. Although it is uncertain whether the
records were taken, evidence suggests that the intruders accessed the database containing the
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
EXAM QUESTIONS AND ANSWERS.
VERIFIED 2025/2026.
A police department employee has access to data related to an ongoing investigation. A local
politician whom the employee supports has come under investigation. The employee accesses
the data relating to the investigation and provides the file to the politician anonymously. How
should this behavior be classified? - ANS Corruption
An IT manager implements security measures at the organization, network, application, and
employee levels. Which approach to security is the manager using? - ANS Layered Security
A new startup tech company plans to provide secure wireless access within its office for
employees and other trusted visitors. The company has concerns about competitors
eavesdropping or compromising the connections and obtaining unauthorized access to the
company's intellectual property. The company is considering using Wireless Protected Access 2
(WPA2) to secure data in transit. Which protocol does this wireless protection implement? -
ANS AES (Advanced Encryption Standard)
A Federal Bureau of Investigation (FBI) agent monitors a telephone conversation between a 12-
year-old child and the child's stepfather. The monitoring is part of a criminal investigation. A
warrant was not obtained prior to commencement of the monitoring. Which law or regulation
did the agent violate? - ANS Wiretap Act
A U.S. company launched an e-commerce platform in the European Union (EU). The board of
directors raised concerns about compliance with applicable privacy regulations and the
collection of customer information. Which regulation applies to this scenario? - ANS General
Data Protection Regulation (GDPR)
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, A social media website collected personal information about consumers when they subscribed
to the service. Subscribers opted in or out before creating their online profiles. Which European
Union Data Protection Directive did the website follow? - ANS Choice
A company is engaged as a third party to perform debt collection on behalf of a
telecommunications provider. The company operates an outbound call center to contact
debtors and set up payment arrangements. The company needs to ensure that the debtors'
data privacy is not at risk. Which two areas should the company ensure are properly managed? -
ANS Network Security // Insider Access
A company is using software to track workforce operational activity. Management
communicates that the data collected will be treated as sensitive. Administrative and technical
security measures are put in place to protect employee data. These measures include
periodically culling records that are no longer relevant. Which additional measure should be
taken to safeguard employee data from misuse? - ANS Limit who can view employee data
A retail company experiences a data breach. Customer data is stolen, including credit card
numbers, names, addresses, and account passwords. The attackers have amassed enough
combinations of personally identifiable information (PII) to commit identity theft. Which
adverse impacts, in addition to the loss of business, does the company face? -
ANS Reputational damage and the need to provide support for victims.
An attending physician at a local hospital receives an email with a link that appears to be from a
neighboring clinic. When the physician clicks the link, computers throughout the hospital freeze,
and patient information can no longer be accessed. A message appears demanding payment of
five bitcoins within 48 hours to decrypt the hospital database and threatening that without
payment, all information will be deleted. Which type of exploit is this? - ANS Ransomware
What is the cause of the rise in computer-related security issues, particularly among small- and
medium-sized businesses? - ANS Bring Your Own Device (BYOD) Policies
A company is notified of a breach of its systems. An investigation reveals that although no
financial information was taken, the customer records for all its customers, including names,
email addresses, and passwords, may have been taken. Although it is uncertain whether the
records were taken, evidence suggests that the intruders accessed the database containing the
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
