2026 WGU C845 VUN1 EVALUATING AND
DEFENDING DATA SECURITY AND SYSTEM
OPERATIONS//WGU C845 VUN1 TASK 3 | PASSED
ON FIRST ATTEMPT |LATEST UPDATE WITH
COMPLETE SOLUTION
When an organization has a properly implemented enterprise risk management
(ERM), what is the tool used to list and categorize each discovered or encountered
risk?
A Cost/benefit equation
B Delphi technique
C Risk register
D Threat model
C
Which statement best describes an advanced persistent threat (APT)?
A A malware attack by a nation state
B An advanced threat that continuously causes havoc
C Malware that persistently moves from one place to another
D An advanced malware attack by a persistent hacker
A
What is the most important consideration in regards to communicating findings
from a security monitoring system?
A Informing the public of each security violation
B Speed of presentation
C Linking each violation to a standard vulnerability reference, such as the CVE
D Having the presentation include all details related to an event
B
,For optimal signal quality, which of the following is correct concerning wireless
antenna placement?
A Place the antenna near a doorway facing into a room.
B Place the antenna as high as possible in the center of the service area.
C Wireless antennas must always be placed in the line of sight.
D Always use a Yagi antenna for 360° broadcasts.
B
Which choice is an attack on a senior executive?
A Watercooler attack
B Whaling attack
C Phishing attack
D Golf course attack
B
Which of the following is a symmetric algorithm?
A Diffie-Hellman
B RSA
C AES
D HMAC
C
How can a user be given the power to set privileges on an object for other users
when within a DAC operating system?
A Remove special permissions for the user on the object.
B Grant the user full control over the object.
C Give the user the modify privilege on the object.
D Issue an administrative job label to the user.
B
,Your company adopts a new end-user security awareness program. This training
includes malware introduction, social media issues, password guidelines, data
exposure, and lost devices. How often should end users receive this training?
A once a year and upon termination
B upon new hire and once a year thereafter
C upon termination
D twice a year
E upon new hire
F once a year
B
What type of event is more likely to trigger the business continuity plan (BCP)
rather than the disaster recovery plan (DRP)?
A A port-scanning event against your public servers in the DMZ
B A security breach of an administrator account
C Several users failing to remember their logon credentials
D A level 5 hurricane
B
What is the IEEE standard known as port-based network access control which is
used to leverage authentication already present in a network to validate clients
connecting over hardware devices, such as wireless access points or VPN
concentrators?
A IEEE 802.1x
B IEEE 802.15
C IEEE 802.3
D IEEE 802.11
A
Why is change control and management used as a component of software asset
management?
, A To stop changes from being implemented into an environment
B To oversee the asset procurement process
C To prevent or reduce unintended reduction in security
D To restrict the privileges assigned to compartmentalized administrators
C
What is the cost benefit equation?
A [ALE1 - ALE2] - CCM
B AES - CCMP
C total initial risk - countermeasure benefit
D AV x EF x ARO
A
What is the best means to restore the most current form of data when a backup
strategy is based on starting each week off with a full backup followed by a daily
differential?
A Restore the initial week's full backup and then the last differential backup before
the failure.
B Restore only the last differential backup.
C Restore the initial week's full backup and then each differential backup up to the
failure.
D Restore the last differential backup and then the week's full backup.
A
Which of the following is not considered an example of a non-discretionary access
control system?
A MAC
B ACL
DEFENDING DATA SECURITY AND SYSTEM
OPERATIONS//WGU C845 VUN1 TASK 3 | PASSED
ON FIRST ATTEMPT |LATEST UPDATE WITH
COMPLETE SOLUTION
When an organization has a properly implemented enterprise risk management
(ERM), what is the tool used to list and categorize each discovered or encountered
risk?
A Cost/benefit equation
B Delphi technique
C Risk register
D Threat model
C
Which statement best describes an advanced persistent threat (APT)?
A A malware attack by a nation state
B An advanced threat that continuously causes havoc
C Malware that persistently moves from one place to another
D An advanced malware attack by a persistent hacker
A
What is the most important consideration in regards to communicating findings
from a security monitoring system?
A Informing the public of each security violation
B Speed of presentation
C Linking each violation to a standard vulnerability reference, such as the CVE
D Having the presentation include all details related to an event
B
,For optimal signal quality, which of the following is correct concerning wireless
antenna placement?
A Place the antenna near a doorway facing into a room.
B Place the antenna as high as possible in the center of the service area.
C Wireless antennas must always be placed in the line of sight.
D Always use a Yagi antenna for 360° broadcasts.
B
Which choice is an attack on a senior executive?
A Watercooler attack
B Whaling attack
C Phishing attack
D Golf course attack
B
Which of the following is a symmetric algorithm?
A Diffie-Hellman
B RSA
C AES
D HMAC
C
How can a user be given the power to set privileges on an object for other users
when within a DAC operating system?
A Remove special permissions for the user on the object.
B Grant the user full control over the object.
C Give the user the modify privilege on the object.
D Issue an administrative job label to the user.
B
,Your company adopts a new end-user security awareness program. This training
includes malware introduction, social media issues, password guidelines, data
exposure, and lost devices. How often should end users receive this training?
A once a year and upon termination
B upon new hire and once a year thereafter
C upon termination
D twice a year
E upon new hire
F once a year
B
What type of event is more likely to trigger the business continuity plan (BCP)
rather than the disaster recovery plan (DRP)?
A A port-scanning event against your public servers in the DMZ
B A security breach of an administrator account
C Several users failing to remember their logon credentials
D A level 5 hurricane
B
What is the IEEE standard known as port-based network access control which is
used to leverage authentication already present in a network to validate clients
connecting over hardware devices, such as wireless access points or VPN
concentrators?
A IEEE 802.1x
B IEEE 802.15
C IEEE 802.3
D IEEE 802.11
A
Why is change control and management used as a component of software asset
management?
, A To stop changes from being implemented into an environment
B To oversee the asset procurement process
C To prevent or reduce unintended reduction in security
D To restrict the privileges assigned to compartmentalized administrators
C
What is the cost benefit equation?
A [ALE1 - ALE2] - CCM
B AES - CCMP
C total initial risk - countermeasure benefit
D AV x EF x ARO
A
What is the best means to restore the most current form of data when a backup
strategy is based on starting each week off with a full backup followed by a daily
differential?
A Restore the initial week's full backup and then the last differential backup before
the failure.
B Restore only the last differential backup.
C Restore the initial week's full backup and then each differential backup up to the
failure.
D Restore the last differential backup and then the week's full backup.
A
Which of the following is not considered an example of a non-discretionary access
control system?
A MAC
B ACL
