WGU C836 COMPLETE QUESTIONS AND ANSWERS | LATEST VERSION | 2024/2025 | 100% PASS
9 views 0 purchase
Course
WGU C836
Institution
WGU C836
WGU C836 COMPLETE QUESTIONS
AND ANSWERS | LATEST VERSION |
2024/2025 | 100% PASS
What is the purpose of a security baseline?
A security baseline establishes a minimum level of security for systems and applications,
serving as a reference point for configuring and assessing security contro...
WGU C836 COMPLETE QUESTIONS
AND ANSWERS | LATEST VERSION |
2024/2025 | 100% PASS
What is the purpose of a security baseline?
✔✔ A security baseline establishes a minimum level of security for systems and applications,
serving as a reference point for configuring and assessing security controls.
How can organizations benefit from implementing security frameworks like NIST or ISO
27001?
✔✔ Security frameworks provide structured approaches to managing security risks, promoting
best practices, compliance, and continuous improvement in an organization’s security posture.
What is a security incident, and how is it different from a security breach?
✔✔ A security incident is any event that threatens the confidentiality, integrity, or availability of
information, while a security breach specifically refers to unauthorized access to sensitive data.
What are the key elements of a comprehensive information security program?
✔✔ Key elements include risk assessment, security policies, user awareness training, incident
response planning, compliance management, and continuous monitoring.
1
,What is the purpose of conducting a business impact analysis (BIA)?
✔✔ A business impact analysis assesses the potential effects of disruptions to critical business
functions, helping organizations prioritize recovery efforts and allocate resources effectively.
What is the difference between a risk assessment and a vulnerability assessment?
✔✔ A risk assessment evaluates the likelihood and impact of potential threats to assets, while a
vulnerability assessment identifies weaknesses in systems that could be exploited.
How does encryption protect data at rest and in transit?
✔✔ Encryption transforms data into an unreadable format, ensuring that unauthorized users
cannot access or interpret the information, whether stored (at rest) or being transmitted (in
transit).
What is the role of an information security policy?
✔✔ An information security policy defines the rules and procedures for protecting an
organization’s information assets, establishing accountability and guiding employee behavior.
What are the common types of access control models?
2
,✔✔ Common access control models include discretionary access control (DAC), mandatory
access control (MAC), and role-based access control (RBAC).
What is an adversary in the context of information security?
✔✔ An adversary is an individual or group that seeks to exploit vulnerabilities to compromise
the security of an information system or data.
How does multifactor authentication (MFA) enhance security?
✔✔ Multifactor authentication requires users to provide multiple forms of verification, such as
passwords and biometric data, making unauthorized access significantly more difficult.
What is the significance of conducting penetration testing?
✔✔ Penetration testing simulates real-world attacks on systems to identify vulnerabilities, assess
the effectiveness of security controls, and provide recommendations for improvement.
What is a security incident response team (SIRT)?
✔✔ A security incident response team (SIRT) is a group of professionals responsible for
preparing for, detecting, analyzing, and responding to security incidents within an organization.
3
, What is the purpose of a security audit?
✔✔ A security audit evaluates an organization’s security policies, practices, and controls to
ensure compliance and identify areas for improvement.
What is a data retention policy, and why is it important?
✔✔ A data retention policy outlines how long an organization retains data and under what
circumstances it is deleted, helping manage legal compliance and data privacy.
What are the main goals of an incident response plan?
✔✔ The main goals of an incident response plan are to minimize damage, recover quickly,
ensure effective communication, and improve future responses to incidents.
How do social engineering attacks exploit human behavior?
✔✔ Social engineering attacks manipulate individuals into divulging confidential information or
performing actions that compromise security, often leveraging trust and curiosity.
What is a digital certificate, and how is it used in security?
✔✔ A digital certificate is an electronic document used to prove the ownership of a public key,
enabling secure communications through encryption and authentication.
4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller SterlingScores. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.08. You're not tied to anything after your purchase.