1|Page
WGU C725 TEST BANK 2024-2025 MASTER'S COURSE
INFORMATION SECURITY AND ASSURANCE ACTUAL EXAM
WITH UPDATED QUESTIONS AND ANSWERS (GRADED A+)
What is a disadvantage of discretionary access control (DAC)?
A. Empowers owners to decide access levels
B. Determines access by need to know
C. Controls access through a single sign-on
D. Allows security administrators to decide access levels -
ANSWER-A
Which password problem persists when accessing information
and systems even with a strong password management and
creation policy?
A. Passwords are very insecure.
B. Passwords are repudiable.
C. Passwords are easy to crack.
D. Passwords are hard to share. - ANSWER-B
,2|Page
Which regulation requires corporate executives to review and
modernize their company's financial reporting systems?
A. Fair Credit Reporting Act (FCRA)
B. General Data Protection Regulation (GDPR)
C. Sarbanes-Oxley Act (SOX)
D. Gramm-Leach-Bliley Act (GBLA) - ANSWER-C
Which law protects the confidentiality of patient records?
A. Family Medical Leave Act (FMLA)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Patient Privacy and Protection Act (PPPA) - ANSWER-B
A company has had problems with attackers hacking user
accounts using a variety of password-guessing techniques.
,3|Page
Which type of policy change should the company institute to
reduce the effectiveness of this type of hacking?
A. Account lock-out
B. Account provisioning
C. Acceptable use
D. Separation of duties - ANSWER-A
An organization wants to update its policies that govern email
acceptable use, internet acceptable use, laptop security, and
wireless security.
Which type of policies should the organization update to
accomplish this?
A. Program-level
B. Program-framework
C. Issue-specific
D. System-specific - ANSWER-C
, 4|Page
Which type of documents do organizations use to explain step-by-
step instructions?
A. Procedures
B. Guidelines
C. Baselines
D. Standards - ANSWER-A
Which tool can organizations deploy to manage and monitor
corporate email against data leakage on mobile devices?
A. Antivirus software
B. MDM
C. Proxy servers
D. Routers - ANSWER-B
An information systems security officer finds a new vulnerability
that has no patch available yet. The security officer creates rules
WGU C725 TEST BANK 2024-2025 MASTER'S COURSE
INFORMATION SECURITY AND ASSURANCE ACTUAL EXAM
WITH UPDATED QUESTIONS AND ANSWERS (GRADED A+)
What is a disadvantage of discretionary access control (DAC)?
A. Empowers owners to decide access levels
B. Determines access by need to know
C. Controls access through a single sign-on
D. Allows security administrators to decide access levels -
ANSWER-A
Which password problem persists when accessing information
and systems even with a strong password management and
creation policy?
A. Passwords are very insecure.
B. Passwords are repudiable.
C. Passwords are easy to crack.
D. Passwords are hard to share. - ANSWER-B
,2|Page
Which regulation requires corporate executives to review and
modernize their company's financial reporting systems?
A. Fair Credit Reporting Act (FCRA)
B. General Data Protection Regulation (GDPR)
C. Sarbanes-Oxley Act (SOX)
D. Gramm-Leach-Bliley Act (GBLA) - ANSWER-C
Which law protects the confidentiality of patient records?
A. Family Medical Leave Act (FMLA)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Patient Privacy and Protection Act (PPPA) - ANSWER-B
A company has had problems with attackers hacking user
accounts using a variety of password-guessing techniques.
,3|Page
Which type of policy change should the company institute to
reduce the effectiveness of this type of hacking?
A. Account lock-out
B. Account provisioning
C. Acceptable use
D. Separation of duties - ANSWER-A
An organization wants to update its policies that govern email
acceptable use, internet acceptable use, laptop security, and
wireless security.
Which type of policies should the organization update to
accomplish this?
A. Program-level
B. Program-framework
C. Issue-specific
D. System-specific - ANSWER-C
, 4|Page
Which type of documents do organizations use to explain step-by-
step instructions?
A. Procedures
B. Guidelines
C. Baselines
D. Standards - ANSWER-A
Which tool can organizations deploy to manage and monitor
corporate email against data leakage on mobile devices?
A. Antivirus software
B. MDM
C. Proxy servers
D. Routers - ANSWER-B
An information systems security officer finds a new vulnerability
that has no patch available yet. The security officer creates rules
