CYBERSECURITY - EXAM PREP
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1)
A) Non-repudiation
B) Multifactor authentication
C) Biometrics
D) Privacy - ans✔ A) Non-repudiation

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1)
A) Fear
B) Threat
C) Control
D) Asset - ans✔ B) Threat

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)
A) Physical
B) Administrative
C) Passive
D) Technical - ans✔ D) Technical

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)
A) Nothing
B) Stop participating in the group
C) Report the group to law enforcement
D) Report the group to (ISC)² - ans✔ B) Stop participating in the group

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law - ans✔ D) Law

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)
A) Law
B) Policy
C) Standard
D) Procedure - ans✔ C) Standard

Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)
A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing - ans✔ C) Inform Triffid management

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical - ans✔ A) Administrative

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference - ans✔ C) Mitigation

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law - ans✔ B) Procedure

The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
A) Law, policy
B) Policy, standard
C) Policy, law
D) Procedure, procedure - ans✔ B) Policy, standard

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1)
A) Inform (ISC)²
B) Explain the style and format of the questions, but no detail
C) Inform the colleague's supervisor
D) Nothing - ans✔ B) Explain the style and format of the questions, but no detail

Of the following, which would probably not be considered a threat? (D1, L1.2.1)
A) Natural disaster
B) Unintentional damage to the system caused by a user
C) A laptop with sensitive data on it
D) An external attacker trying to gain unauthorized access to the environment - ans✔ C) A laptop with sensitive data on it

Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)
A) Inform (ISC)²
B) Pay the parking ticket
C) Inform supervisors at Triffid
D) Resign employment from Triffid - ans✔ B) Pay the parking ticket

Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1)
A) A credit card presented to a cash machine
B) Your password and PIN
C) A user ID
D) A photograph of your face - ans✔ D) A photograph of your face

For which of the following systems would the security concept of availability probably be most important? (D1, L1.1.1)
A) Medical systems that store patient data
B) Retail records of past transactions
C) Online streaming of camera feeds that display historical works of art in museums around the world
D) Medical systems that monitor patient condition in an intensive care unit - ans✔ D) Medical systems that monitor patient condition in an intensive care unit

In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)
A) Vulnerability
B) Asset
C) Threat
D) Likelihood - ans✔ B) Asset

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)