WGU C795 EXAM LATEST 2023-2024
REAL EXAM 300+ QUESTIONS AND
CORRECT ANSWERS(VERIFIED
ANSWERS)|AGRADE
A penetration tester identifies a SQL injection vulnerability in a business-critical
web application. The security administrator discusses this finding with the
application developer, and the developer insists that the issue would take two
months to remediate.
Which defense-in-depth practice should the security administrator use to prevent
an attacker from exploiting this weakness before the developer can implement a
fix?
a. Perform daily vulnerability scans
b. Implement a web-application firewall
c. Submit an urgent change control ticket
d. Deploy an anti malware agent to the web server – ANSWER- b
A company is concerned about securing its corporate network, including its
wireless network, to limit security risks.
Which defense-in-depth practice represents an application of least privilege?
a. Implement mutual multifactor authentication
b. Configure Wi-Fi-Protected Access for encrypted communication
c. Disable wireless access to users who do not need it
d. Implement an intrusion detection system – ANSWER- c
A technician notifies her supervisor that the nightly backup of a critical system
failed during the previous night’s run. Because the system is critical to the
organization, the technician raised the issue in order to make management aware of
the missing backup. The technician is looking for guidance on whether additional
actions should be taken on the single backup failure.
Which role is responsible for making the final decision on how to handle the
incomplete backup?
a. Senior management
b. Data owner
c. Supervisor
d. Application administrator – ANSWER- b
A company relies exclusively on a system for critical functions. An audit is
performed, and the report notes that there is no log review performed on the
system. Management has been tasked with selecting the appropriate person to
perform the log reviews in order to correct the deficiency.
Which role is responsible for reviewing and auditing logs in order to detect any
malicious behavior?
a. Security Administrator
b. System user
c. Database administrator
d. Senior management – ANSWER- a
A company’s main asset is its client list stored in the company database, which is
accessible to only specific users. The client list contains Health Insurance
Portability and Accountability Act (HIPAA) protected data.
Which user activity should be monitored?
a. Privilege escalation
b. Changing system time
c. Using database recovery tools
d. Configuring interfaces – ANSWER- a
An employee is transferring data onto removable media. The company wants to
reduce the likelihood of fraud, and transferring data onto removable media is
limited to special cases.
Which security principle should the company execute as a policy to reduce fraud?
a. Two person control
b. Least privilege
c. Need to know
d. Job rotation – ANSWER- a
An executive is using a cell phone to view sensitive data.
Which control would protect the sensitive data stored on the phone from being
exposed due to loss or theft?
a. Encryption
b. Anti-malware
c. Antivirus
d. Backups – ANSWER- a
A company has identified a massive security breach in its healthcare records
department. Over 50% of customers’ personally identifiable information (PII) has
been stolen. The customers are aware of the breach, and the company is taking
actions to protect customer assets through the personal security policy, which
addresses PII data.
Which preventive measure should the company pursue to protect against future
attacks?
a. Require cognitive passwords
b. Employ password tokens
c. Use network-based and host-based firewalls
d. Install auditing tools – ANSWER- c
An organization needs to improve the security of the systems it is monitoring. It
has determined that the systems need regularly scheduled vulnerability scans.
Which action will enable the organization to satisfy this requirement?
a. Use Nessus to perform system scans
b. Use Wireshark to perform system scans
c. Implement an intrusion detection system
d. Implement an intrusion prevention system – ANSWER- a
The IT department of a large company uses a secure baseline image to deploy
operating systems.
Which type of management action is being implemented by using a secure baseline
image?
a. Patch
b. Configuration
c. Change
d. Operations – ANSWER- b
A company’s vulnerability management policy requires assessing a vulnerability
based on its severity.
Which standard should this company use to prioritize vulnerabilities?
a. Common Vulnerabilities Scoring System (CVSS)
b. Common Vulnerabilities and Exposures (CVE)
c. Common Configuration Enumeration (CCE)
d. Open Vulnerability and Assessment Language (OVAL) – ANSWER- a
A company’s vulnerability management policy requires internet-facing applications
to be scanned weekly.
Which vulnerability scanning technique meets this policy requirement?
a. Discovery
b. Network
c. Web
d. Connect – ANSWER- c
An organization wants to secure a wireless access point (WAP) and wants to force
users to authenticate to the network before gaining access.
Which security encryption protocol should be implemented on the WAP?