WGU C795

Security Tests CORRECT ANSWERS: Security tests verify that a control is functioning properly. These tests include automated scans, tool-assisted penetration tests, and manual attempts to undermine security. Security testing should take place on a regular schedule, with attention paid to each of the key security controls protecting an organization. Security Assessments CORRECT ANSWERS: Comprehensive reviews of the security of a system, application, or other tested environment. During a secur...

What is a vulnerability? CORRECT ANSWERS: a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. What is a penetration test? CORRECT ANSWERS: a simulated cyber attack against your systems or company What are the typical steps for a vulnerability test? CORRECT ANSWERS: Identify asset classification list, identify vulnerabilities, test assets against vulnerabilities, and recommend solut...

Question 1 :Which of the following best describes an implicit deny principle? CORRECT ANSWERS: All actions that are not expressly allowed are denied. What is the intent of least privilege? CORRECT ANSWERS: Enforce the most restrictive rights required by users to complete assigned tasks. Question 3 :A table includes multiple objects and subjects and it identifies the specific access each subject has to different objects. What is this table? CORRECT ANSWERS: Access control matrix Quest...

QUESTIONS AND ANSWERS

A combined mail server and calendaring server environment contains no secure sockets layer (SSL) certificate. Which security principle of the CIA triad is affected by the lack of an SSL certificate? A Confidentiality B Integrity C Authentication D Availability Correct Answer A A company does not have a disaster recovery plan (DRP) and suffers a multiday power outage. Which provisioning should the company perform to provide stable power for a long period of time? A Purchase gene...

Common Vulnerabilities and Exposures (CVE) Correct Answer Provides a naming system for describing security vulnerabilities. Common Vulnerability Scoring System (CVSS) Correct Answer provides a standardized scoring system for describing the severity of security vulnerabilities. Common Configuration Enumeration (CCE) Correct Answer provides a naming system for system configuration issues. Common Platform Enumeration (CPE) Correct Answer provides a naming system for operating systems, appl...

WGU C795 Cybersecurity Management II Tactical SOBs Questions and Answers (2022/2023) (Verified Answers) ____________ subjects are granted only the privileges necessary to perform assigned work tasks and no more. Keep in mind that privilege in this context includes both permissions to data and rights to perform tasks on systems. The principle of least privilege states that ____________ ensures that no single person has total control over a critical function or system. This is necessary to en...

WGU C795 EXAM Questions and Answers (2022) (Verified Answers) A company's main asset is a physical working prototype stored in the research and development department. The prototype is not currently connected to the company's network. Which privileged user activity should be monitored? Accessing camera logs A company performs a data audit on its critical information every six months. Company policy states that the audit cannot be conducted by the same employee within a two-year time fr...

WGU C795 Cybersecurity Management II - Tactical Practice Questions and Answers (2022/2023) (Verified Answers) Question 1 :A security technician reports to you that a file server is experiencing unscheduled initial program loads (IPLs). Which statement BEST explains this problem? The system is rebooting. Because of the value of your company's data, your company has asked you to ensure data availability. You want to implement the techniques that can help to ensure data availability. Which me...

WGU C795 Cybersecurity Management II Tactical Preassessment Questions and Answers (2022/2023) (Verified Answers) A combined mail server and calendaring server environment contains no secure sockets layer (SSL) certificate.Which security principle of the CIA triad is affected by the lack of an SSL certificate? Confidentiality A company does not have a disaster recovery plan (DRP) and suffers a multiday power outage. Which provisioning should the company perform to provide stable power for a ...