WGU C725 Master's Course Information Security and Assurance: Exam Questions and Answers Latest Updated 2023/2024 | 100% Verified

WGU C725 Master's Course Information Security and Assurance: Exam Questions and Answers Latest Updated 2023/2024 | 100% Verified. Which groups typically report to the chief security officer (CSO)? A. Security engineering and operations B. Physical and software security C. Audit and incident response D. Facilities and information technology functions - answer-A A company is considering which controls to buy to protect an asset. What should the price of the controls be in relation to the cost of the asset? WGU C725 Master's Course Information Security and Assurance Exam Questions and Answers Latest 2023 – 2024 A. Less than the annual loss expectancy B. More than the annual loss expectancy C. Equal to the cost of the asset D. More than the cost of the asset - answer-A How many keys are used in asymmetric encryption? A. No keys are used to encrypt and decrypt a message. B. One key is used to encrypt and decrypt a message. C. Two keys are used to encrypt and decrypt a message. D. Three keys are used to encrypt and decrypt a message. - answer-C Which protocol is a variant of a standard web transfer protocol that adds a layer of security on the data in transit using a secure socket layer? A. HTTPS B. HTTP C. FTP D. SFTP - answer-A Which description characterizes symmetric cryptography? A. The same key is used to lock and unlock the cipher. B. Two separate but unrelated keys are used to unlock the cipher. C. Two separate and related keys are used to unlock the cipher. D. Keys are unnecessary when using symmetric cryptography to unlock a cipher. - answer-A An employee uses a secure hashing algorithm for message integrity. The employee sends a plain text message with the embedded hash to a colleague. A rogue device receives and retransmits the message to its destination. Once received and checked by the intended recipient, the hashes do not match. Which STRIDE concept has been violated? A. Tampering B. Repudiation C. Elevation of privilege D. Denial-of-service - answer-A An attacker accesses private emails between the company's CISO and board members. The attacker then publishes the emails online. Which type of an attack is this, according to the STRIDE model? A. Repudiation B. Information disclosure C. Elevation of privilege D. Tampering - answer-B A security guard at the front desk of a building checks every employee's name badge with their photo before they are allowed in the building. Which two factors have been checked to verify identity? A. Something you have, something you are B. Something you have, something you know C. Something you know, where you are at D. Where you are at, something you are - answer-A A system data owner needs to give access to a new employee, so the owner formally requests that the system administrator create an account and permit the new employee to use systems necessary to the job. Which type of control does the system administrator use to grant these permissions? A. Physical B. Protocol C. Access D. Firewall - answer-C The chief information security officer (CISO) for an organization knows that the organization's datacenter lacks the physical controls needed to adequately control access to sensitive corporate systems. The CEO, CIO, and CFO feel that the current physical access is within a tolerable risk level, and they agree not to pay for upgrades to the facility. Which risk management strategy has the senior leadership decided to employ? WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) A. Deterrence B. Assignment C. Acceptance D. Avoidance - answer-C Which phase of the software development life cycle follows system design? A. System requirements B. Development C. Testing D. Deployment - answer-B Which question relates to the functional aspect of computer security? A. Does the system do the right things in the right way? B. Does the security staff do the right job in the right way? C. Does the system do the right things in the wrong way? D. Does the security staff do the right job in the wrong way? - answer-A Which leg of the CIA triad is addressed when a business contracts with a cloud vendor to backup its information? A. Information WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) B. Availability C. Integrity D. Confidentiality - answer-B Which action is an example of a loss of information integrity based on the CIA triad? A. A system administrator uses another administrator's password without request. B. A security engineer accidentally scrambles information in a database. C. A help desk employee verifies customers' identities before changing passwords. D. A help desk employee refuses to share an employee's information with a partner. - answer-B What is included in quantitative risk analysis? A. Risk ranking B. Risk mitigation C. Risk transfer D. Risk insurance - answer-A What is a fundamentally objective concept in determining risk? A. Risk acceptance B. Risk recovery C. Resource availability D. Resource costs - answer-D WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) Which domain of the (ISC)² Common Body of Knowledge addresses procedures and tools that eliminate or reduce the capability to exploit critical information? A. Physical (Enviromental) Security B. Access Control C. Operations Security D. Cryptography - answer-C Which domain of the (ISC)² Common Body of Knowledge addresses identification, authentication, authorization, and logging and monitoring techniques and technologies? A. Access Control B. Operations Security C. Cryptography D. Software Development Security - answer-A Which type of policy establishes a security plan, assigns management responsibilities, and states an organization's computer security objectives? A. Framework-level B. Program-level C. System-specific D. Issue-specific - answer-B WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) A company consults a best practices manual from its vendor while deploying a new IT system.Which type of document does this exemplify? A. Procedures B. Guidelines C. Policies D. Standards - answer-B Which type of technology are DropBox, Skype, and Office 365 examples of? A. Local Area Network B. Wireless C. Wide Area Network D. Cloud Computing - answer-D An organization has all of its offices in several different buildings that are situated on a large city block. Which type of network is specifically suited to connect these offices to the organization's network? A. Wireless B. Campus C. Metropolitan D. Wide - answer-B WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) A new bookkeeper receives an email claiming to come from an online banking site. The bookkeeper clicks on an embedded link and enters some of the company's banking information into the cybercriminal's website. Which security method can deter this type of attack in the future? A. Employee security training B. Principle of least privilege C. Change management D. Separation of duties - answer-A A network security engineer is tasked with preparing audit reports for the auditor. The internal auditor sends the reports to the external auditor who discovers that fraud was committed and that the network security engineer has falsified the reports. Which security principle should be used to stop this type of fraud from happening? A. Separation of duties B. Least privilege C. Network segmentation D. Defense in depth - answer-A An employee has worked for the same organization for years and still has access to legal files even though this employee now works in accounting. Which principle has been violated? WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) A. Least privilege B. Network segmentation C. Separation of duties D. Defense in depth - answer-A A sales specialist is a normal user of a corporate network. The corporate network uses subjects, objects, and labels to grant users access. Which access control methodology is the corporation using? A. Least privilege B. Discretionary C. Role-based D. Mandatory - answer-D Which description is an example of three-factor authentication? A. Unique information related to the user is added to the two-factor authentication process. B. A user has three physical devices such as a token, a smart card, and a USB flash drive. C. A user must enter a strong password, enter a mantrap, and then reenter the password. D. Unique information related to the user is necessary in addition to a strong password. - answer-A What is considered a valid method for testing an organization's disaster recovery plan, according to the Certified Information Systems Security Professional (CISSP)? WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) A. Checklist B. Register list C. Vulnerability testing D. Penetration testing - answer-A Which type of disaster recovery site is the most expensive to maintain but the quickest to recover to? A. Hot B. Warm C. Cold D. Joint - answer-A Who directs policies and procedures that are designed to protect information resources in an organization? A. Technical information manager B. Custodians of information resources C. Owners of information resources D. Information resources security officer - answer-D Which topics should be included in employee security training program? A. Phishing, social engineering, defensive driving, BYOD WGU C725 Master's Course Information Security and Assurance Exam (Latest 2023 – 2024) B. Social justice, social networking, 401k training, phishing C. Social engineering, shoulder surfing, phishing, malware D. Acceptable use, phishing, employee benefits, BYOD - answer-C What is a threat to business operations? A. Recently installed off-the-shelf software with known vulnerabilities B. Employees who refuse to password protect their computer C. Sophisticated hacking tools purchased by a disgruntled employee D. A network administrator who puts off patching server software - answer-C Which statement describes a threat? A. Spear phishing attack B. Unpatched operating system C. Misconfigured email server D. Employee filing for bankruptcy - answer-A Which type of threat can take the form of executable code, scripts, active content, or other software? A. Malware B. SQL injection C. Unpatched OS D. Brute force - answer-A