WGU C725 Practice Test Questions and Answers Latest Updated 2022 Rated A

Document Content and Description Below

C725 Practice Test Questions and Answers Latest Updated 2022 Rated A Which groups typically report to the chief security officer (CSO)? ✔✔Security engineering and operations A company is consi ... dering which controls to buy to protect an asset. What should the price of the controls be in relation to the cost of the asset? ✔✔Less than the annual loss expectancy An employee uses a secure hashing algorithm for message integrity. The employee sends a plain text message with the embedded hash to a colleague. A rogue device receives and retransmits the message to its destination. Once received and checked by the intended recipient, the hashes do not match. Which STRIDE concept has been violated? ✔✔Tampering An attacker accesses private emails between the company's CISO and board members. The attacker then publishes the emails online. Which type of an attack is this, according to the STRIDE model? ✔✔Information disclosure A system data owner needs to give access to a new employee, so the owner formally requests that the system administrator create an account and permit the new employee to use systems necessary to the job. Which type of control does the system administrator use to grant these permissions? ✔✔Access The chief information security officer (CISO) for an organization knows that the organization's datacenter lacks the physical controls needed to adequately control access to sensitive corporate systems. The CEO, CIO, and CFO feel that the current physical access is within a tolerable risk level, and they agree not to pay for upgrades to the facility. Which risk management strategy has the senior leadership decided to employ? ✔✔Acceptance Which phase of the software development life cycle follows system design? ✔✔Development Which question relates to the functional aspect of computer security? ✔✔Does the system do the right things in the right way? Which action is an example of a loss of information integrity based on the CIA triad? ✔✔A security engineer accidentally scrambles information in a database. What is included in quantitative risk analysis? ✔✔Risk ranking What is a fundamentally objective concept in determining risk? ✔✔Resource costs Which domain of the (ISC)² Common Body of Knowledge addresses procedures and tools that eliminate or reduce the capability to exploit critical information? ✔✔Operations Security Which domain of the (ISC)² Common Body of Knowledge addresses identification, authentication, authorization, and logging and monitoring techniques and technologies? ✔✔Access Control Which type of policy establishes a security plan, assigns management responsibilities, and states an organization's computer security objectives? ✔✔Program-level A company consults a best practices manual from its vendor while deploying a new IT system. Which type of document does this exemplify? ✔✔Guidelines [Show More]

Last updated: 3 years ago

Preview 1 out of 20 pages

Buy Now

Instant download

We Accept: