WGU C954 Information Technology Management OA Study Guide: Practice Questions & Rationales, Exams of Information Technology

WGU C954 Information Technology Management OA Study Guide: Practice Questions & Rationales (2026–2028) Pass your Western Governors University C954 objective assessment on the first attempt with this high-yield IT Management study guide engineered for the 2026–2028 curriculum. This resource features realistic practice questions, correct answers, and thorough operational rationales covering IT governance frameworks, strategic alignment tools, security compliance, and technology rollout methodologies. Ideal for accelerating your pre-assessment remediation, sharpening your business-IT decision-making matrix, and securing your IT management degree.

Typology: Exams

2025/2026

Available from 07/02/2026

prof.k
prof.k 🇺🇸

2.4

(7)

6.6K documents

1 / 127

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
WGU C954 Information Technology Management OA Study
Guide | Practice Questions, Answers & Rationales | 2026
2028
Prepare for the WGU C954 Information Technology Management Objective Assessment with this
comprehensive study guide featuring original practice questions, accurate answers, and detailed
rationales. Covers IT strategy, information systems, cybersecurity, risk management, project
management, IT governance, leadership, innovation, and business technology concepts aligned with the
course competencies. Perfect for focused review, self-assessment, and building confidence before your
WGU C954 Objective Assessment.
Question 1
An IT director is evaluating how to implement a new enterprise system. The director
focuses on ensuring that the technology directly supports the company’s objective of
reducing customer churn by 15%. This scenario is an example of which management
concept?
A) Technological determinism
B) Total Cost of Ownership optimization
C) Business-IT alignment
D) Infrastructure redundancy
Rationale: Business-IT alignment is the continuous process of matching an
organization's IT strategy and investments with its overarching business goals, ensuring
that technology serves as a tool to achieve strategic objectives rather than operating in
a silo.
Question 2
A large hospital chain wants to adopt a cloud computing platform to handle data
processing. However, due to strict healthcare compliance regulations, they must keep
control over where sensitive patient data is physically stored. Which cloud deployment
model should the Chief Information Officer (CIO) choose?
A) Public cloud
B) Private cloud
C) Community cloud
D) Open-source cloud
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download WGU C954 Information Technology Management OA Study Guide: Practice Questions & Rationales and more Exams Information Technology in PDF only on Docsity!

WGU C954 Information Technology Management OA Study

Guide | Practice Questions, Answers & Rationales | 2026–

Prepare for the WGU C954 Information Technology Management Objective Assessment with this comprehensive study guide featuring original practice questions, accurate answers, and detailed rationales. Covers IT strategy, information systems, cybersecurity, risk management, project management, IT governance, leadership, innovation, and business technology concepts aligned with the course competencies. Perfect for focused review, self-assessment, and building confidence before your WGU C954 Objective Assessment.

Question 1

An IT director is evaluating how to implement a new enterprise system. The director focuses on ensuring that the technology directly supports the company’s objective of reducing customer churn by 15%. This scenario is an example of which management concept? A) Technological determinism B) Total Cost of Ownership optimization C) Business-IT alignment D) Infrastructure redundancy Rationale: Business-IT alignment is the continuous process of matching an organization's IT strategy and investments with its overarching business goals, ensuring that technology serves as a tool to achieve strategic objectives rather than operating in a silo.

Question 2

A large hospital chain wants to adopt a cloud computing platform to handle data processing. However, due to strict healthcare compliance regulations, they must keep control over where sensitive patient data is physically stored. Which cloud deployment model should the Chief Information Officer (CIO) choose? A) Public cloud B) Private cloud C) Community cloud D) Open-source cloud

Rationale: A private cloud is provisioned for exclusive use by a single organization. It offers the highest level of control, security, and data sovereignty, making it ideal for industries with strict regulatory compliance mandates like healthcare or finance.

Question 3

A startup company needs to implement an office productivity suite but does not want to purchase hardware, manage operating system licenses, or handle software patches. They choose a web-based service where the vendor manages everything. Which cloud service model does this represent? A) Infrastructure as a Service (IaaS) B) Platform as a Service (PaaS) C) Software as a Service (SaaS) D) Desktop as a Service (DaaS) Rationale: Software as a Service (SaaS) delivers fully functional, end-user applications over the internet. The vendor hosts, manages, patches, and secures the entire infrastructure, leaving the client responsible only for using the application.

Question 4

An IT manager is preparing a budget proposal to migrate the company's local data center to a public cloud provider. How will this migration alter the company's financial accounting profile? A) Capital Expenditures (CapEx) will decrease, and Operational Expenditures (OpEx) will increase. B) Capital Expenditures (CapEx) will increase, and Operational Expenditures (OpEx) will decrease. C) Both Capital Expenditures and Operational Expenditures will decrease to zero. D) Fixed assets will increase, while variable utility costs will be eliminated. Rationale: Moving to the cloud shifts costs from CapEx (buying physical servers up front, which are depreciated over time) to OpEx (paying for computing resources as a recurring utility or operational subscription).

Question 5

A software development team is building a critical safety application for an automobile braking system. The requirements are fully known, fixed, and cannot change during

Question 8

A network engineer uses a cryptographic hashing algorithm to generate a unique digital fingerprint for a system configuration file. Every morning, the system checks the file against this hash to verify it hasn't been altered by malware. This practice protects which pillar of the CIA Triad? A) Confidentiality B) Integrity C) Availability D) Accountability Rationale: Integrity ensures that data remains accurate, complete, and unaltered from its original state. Hashing verifies that a file has not been modified, corrupted, or tampered with by unauthorized parties.

Question 9

An online retail business undergoes a risk assessment that reveals its web servers are highly vulnerable to distributed denial-of-service (DDoS) attacks. The company decides to purchase a comprehensive insurance policy that covers all financial losses resulting from potential downtime. What risk response strategy was deployed? A) Risk Mitigation B) Risk Avoidance C) Risk Acceptance D) Risk Transfer Rationale: Risk transfer involves shifting the financial consequences or liability of a risk to a third party, such as an insurance provider or an outsourced vendor, without necessarily eliminating the threat itself.

Question 10

A manufacturing corporation wants to implement an enterprise system that integrates its core processes—including finance, human resources, manufacturing, and inventory management—into a single software platform with a unified database. What type of system should they implement? A) Enterprise Resource Planning (ERP) B) Customer Relationship Management (CRM)

C) Supply Chain Management (SCM) D) Knowledge Management System (KMS) Rationale: Enterprise Resource Planning (ERP) software integrates all facets of an operation into a single, unified system, allowing different departments to share information seamlessly and break down data silos.

Question 11

A corporate security officer installs security cameras, physical badge scanners, and heavy deadbolts on the entrance doors to the primary server room. Which category of security control does this represent? A) Physical control B) Administrative control C) Technical control D) Logical control Rationale: Physical controls are tangible, real-world barriers designed to restrict physical access to property, facilities, or hardware assets (e.g., locks, fences, guards, and biometric doors).

Question 12

An IT director writes a comprehensive organizational document that mandates annual cybersecurity training for all staff, establishes strict rules for password length, and outlines disciplinary actions for policy violations. What category of security control is this? A) Physical control B) Administrative control C) Technical control D) Operational control Rationale: Administrative controls (also called managerial controls) consist of policies, procedures, training, and guidelines established by management to govern human behavior and reduce risk within an organization.

Question 13

A financial institution sets up firewalls, installs endpoint anti-malware software on all workstations, and configures complex file access permissions via software access control lists. Which category of security control do these mechanisms fall under?

An IT audit reveals that three separate departments within a logistics company are maintaining their own independent spreadsheets of customer addresses. This has resulted in identical customers having different addresses across the company. What data management issue is occurring? A) Data isolation B) Data redundancy C) Data abstraction D) Data independence Rationale: Data redundancy occurs when the same data field is stored in multiple separate locations within an organization. This often leads to data inconsistency, where different systems hold conflicting records of the truth.

Question 17

A retail organization plans to implement a new customer relationship management (CRM) software. The CIO schedules pre-launch town halls, user training sessions, and post-launch workshops to help employees transition from their old spreadsheet workflows to the new software. This effort is an application of which discipline? A) Portfolio management B) Business process outsourcing C) Change management D) Business-IT alignment Rationale: Change management is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. It addresses the human side of technological transformations to increase user adoption and minimize resistance.

Question 18

An e-commerce business experiences a massive server crash. The IT team determines that it will take 4 hours to completely rebuild the servers from backup tapes and bring the web portal back online for customers. What disaster recovery metric does this 4- hour window represent? A) Recovery Point Objective (RPO) B) Recovery Time Objective (RTO) C) Mean Time Between Failures (MTBF) D) Service Level Threshold (SLT)

Rationale: Recovery Time Objective (RTO) is the targeted duration of time within which a business process or IT system must be restored after a disaster or disruption to avoid unacceptable consequences.

Question 19

A bank decides that in the event of a catastrophic system failure, they cannot afford to lose more than 15 minutes worth of transaction data. They configure their backup routines to take system snapshots every 15 minutes. What disaster recovery metric dictated this policy? A) Recovery Point Objective (RPO) B) Recovery Time Objective (RTO) C) Maximum Tolerable Downtime (MTD) D) Data Retention Threshold (DRT) Rationale: Recovery Point Objective (RPO) is the maximum age of files or data that an organization must recover from backup storage for normal operations to resume after a disaster. It determines the minimum frequency of backups required.

Question 20

A credit card processing company must comply with a rigid, industry-mandated security standard that dictates specific requirements for firewall configurations, encryption of cardholder data across public networks, and regular vulnerability tests. Which compliance framework governs this sector? A) PCI-DSS B) HIPAA C) SOX D) FERPA Rationale: The Payment Card Industry Data Security Standard (PCI-DSS) is a widely accepted set of operational and technical policies mandated by major credit card brands to ensure that all companies processing, storing, or transmitting credit card information maintain a secure environment.

Question 21

A global shipping company wants to store massive amounts of unstructured data, including delivery images, customer audio logs, and raw container tracking data, in its

Question 24

A streaming service provider handles massive streams of user viewing data generated globally at a rate of millions of events per second. The system must process and analyze this data in real time. Which of the "Three Vs" of Big Data does this extreme speed represent? A) Volume B) Velocity C) Variety D) Veracity Rationale: Velocity refers to the rapid speed at which new data is generated, collected, and processed. Managing high-velocity data requires specialized real-time ingest and analytical architectures.

Question 25

An IT executive is negotiating a contract with a cloud service provider. The executive ensures the document includes clear, legally binding metrics regarding guaranteed system uptime (e.g., 99.99%) and specific financial penalties if the provider fails to meet them. What is this document called? A) Memorandum of Understanding (MOU) B) Request for Proposal (RFP) C) Service Level Agreement (SLA) D) Statement of Work (SOW) Rationale: A Service Level Agreement (SLA) is a formal contract between a service provider and an end user that explicitly defines the expected level of service, performance metrics, and remedies if standard targets are missed.

Question 26

A network security team sets up an automated tool at the perimeter of the corporate data center. The tool is designed to monitor incoming network packets, detect known attack signatures, and actively drop malicious connections to prevent them from reaching servers. What type of system is this? A) Intrusion Detection System (IDS) B) Intrusion Prevention System (IPS)

C) Proxy server D) Stateful gateway Rationale: An Intrusion Prevention System (IPS) actively monitors network traffic to detect malicious activity and takes immediate, automated steps to block or prevent the threat. An Intrusion Detection System (IDS) only monitors and alerts without taking action.

Question 27

An employee opens a malicious email attachment that executes a script to encrypt all local documents on their workstation. A pop-up window then demands a payment in cryptocurrency in exchange for the decryption key. What specific category of malware is this? A) Trojan horse B) Spyware C) Ransomware D) Rootkit Rationale: Ransomware is a specific type of malicious software designed to block access to a computer system or encrypt its files until a sum of money or cryptocurrency is paid to the attacker.

Question 28

A software development team adopts a methodology that breaks down development barriers by completely merging the traditional software writing team with the network operations deployment team. This creates a continuous pipeline of automated testing, integration, and release. What is this paradigm called? A) Lean Six Sigma B) DevOps C) Extreme Programming (XP) D) Component-Based Development Rationale: DevOps (a combination of Development and Operations) is a set of practices and cultural philosophies that automates and integrates the processes between software development and IT operations teams. This focus enables faster, more reliable software builds, tests, and deployments.

Question 29

Rationale: Full Disk Encryption (FDE) protects data at rest by encrypting the entire storage drive, including the operating system, applications, and user files. If the physical hardware is lost or stolen, the data cannot be accessed without the decryption key.

Question 32

During a software project, the marketing department repeatedly requests small, additional features to be added to the mobile app development pipeline without any formal adjustments made to the budget or project timeline. What project management risk does this create? A) Scope creep B) Technical debt C) Critical path collapse D) Analysis paralysis Rationale: Scope creep refers to the uncontrolled growth or expansion of a project’s scope without corresponding adjustments to time, cost, or resources. It can derail timelines and cause project failure if not managed via change control.

Question 33

A software development team conducts daily 15-minute meetings where every member explains what they accomplished yesterday, what they will focus on today, and any roadblocks they face. Which specific framework within Agile methodology are they practicing? A) Lean B) Crystal C) Scrum D) Kanban Rationale: Scrum is an Agile framework characterized by short, fixed-length iterations called sprints and structured meetings, including the daily stand-up (or daily Scrum) used to sync team activities and identify impediments.

Question 34

An IT department is implementing Kurt Lewin’s Three-Stage Change Model during an enterprise software migration. The IT director holds workshops to break down employee habits and demonstrate why the old, failing system can no longer be used. Which stage is this?

A) Unfreezing B) Changing C) Refreezing D) Transforming Rationale: The "Unfreezing" stage involves preparing the organization to accept that change is necessary. It requires breaking down existing assumptions and mindsets to overcome inertia and resistance before implementing new processes.

Question 35

After a major cloud ERP system upgrade, a company updates its official standard operating procedures (SOPs), ties employee performance bonuses to proper system usage, and locks out access to legacy tools to ensure staff do not revert to old methods. Which stage of Lewin’s Change Model does this represent? A) Unfreezing B) Transitioning C) Refreezing D) Institutionalizing Rationale: "Refreezing" is the final stage of Lewin’s model. It establishes stability once changes have been implemented, institutionalizing the new behaviors into corporate culture and policies so they become the new status quo.

Question 36

A financial institution wants to verify that its newly developed web portal can withstand deliberate, sophisticated cyberattacks. They hire an ethical hacking firm to simulate an actual cyberattack against their live network infrastructure to find weaknesses. What is this service called? A) Vulnerability scanning B) Penetration testing C) Code auditing D) Risk assessment Rationale: Penetration testing involves authorized, simulated cyberattacks against an organization's systems to evaluate security defenses and identify exploitable vulnerabilities before malicious hackers can discover them.

Question 37

Question 40

An IT architect wants to hide multiple internal server network addresses behind a single public-facing IP address on the router, adding a layer of security by obscuring internal network structures from the public internet. Which protocol or service executes this function? A) Dynamic Host Configuration Protocol (DHCP) B) Domain Name System (DNS) C) Network Address Translation (NAT) D) Simple Network Management Protocol (SNMP) Rationale: Network Address Translation (NAT) maps local, private IP addresses within an internal network to one or more public IP addresses before routing traffic to the internet. This conserves IP addresses and hides internal structures from external threats.

Question 41

A remote worker wants to access secure file repositories located inside the corporate office network while working from a public coffee shop. Which technology should they use to establish an encrypted tunnel over the public internet? A) Secure File Transfer Protocol (SFTP) B) Domain Name System Security Extensions (DNSSEC) C) Virtual Private Network (VPN) D) Transport Layer Security (TLS) Rationale: A Virtual Private Network (VPN) creates a secure, encrypted connection (or tunnel) over a less secure network, such as the public internet, allowing remote users to safely access internal corporate network resources as if they were physically on- premise.

Question 42

An organization wants to analyze customer data patterns using a structure where data is organized into multi-dimensional arrays or data cubes rather than standard two- dimensional rows and columns, enabling fast executive queries. What type of analytical tool does this describe? A) Relational DBMS B) OLAP multidimensional database

C) Flat-file spreadsheet D) Hierarchical database Rationale: OLAP (Online Analytical Processing) systems frequently utilize multidimensional databases that format data into structures called "data cubes." This architecture allows analysts to slice, dice, and view data from various combinations of attributes or dimensions quickly.

Question 43

A company wants to decrease the load on its internal physical infrastructure by moving its software development platforms to the cloud. Developers will be given access to an environment with pre-installed operating systems, database engines, and software development kits (SDKs) over the internet. Which service model should they purchase? A) Infrastructure as a Service (IaaS) B) Platform as a Service (PaaS) C) Software as a Service (SaaS) D) Hardware as a Service (HaaS) Rationale: Platform as a Service (PaaS) provides a cloud environment that includes operating systems, execution environments, databases, and web servers. This allows users to build and run software applications without managing the underlying hardware or OS layer.

Question 44

An IT administrator discovers that an employee was able to bypass network filters because the router's software had a known flaw that the manufacturer released a patch for six months ago. What type of security gap does this flaw represent? A) Threat agent B) Vulnerability C) Exploit baseline D) Technical risk Rationale: A vulnerability is a flaw, loophole, or weakness in a system's security procedures, design, implementation, or internal controls that can be exploited by a threat agent to gain unauthorized access.

Question 45

Question 48

A retail chain uses a software application to track raw material acquisitions, monitor real-time manufacturing schedules, and coordinate shipping container distributions to regional warehouses. Which type of enterprise system is this? A) Customer Relationship Management (CRM) B) Decision Support System (DSS) C) Supply Chain Management (SCM) D) Executive Information System (EIS) Rationale: Supply Chain Management (SCM) systems oversee the flow of goods, data, and finances as a product moves from raw material sourcing, through manufacturing, to its final delivery at the customer’s destination.

Question 49

An organization’s data warehouse contains columns labeled "Social Security Number," "Date of Birth," and "Home Address." Under modern data privacy laws like GDPR and CCPA, how are these specific data elements classified? A) Metadata assets B) Personally Identifiable Information (PII) C) Aggregated non-identifying fields D) Structured relational indices Rationale: Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. Protecting PII is a primary goal of modern data privacy legislation, requiring strict handling, storage, and access controls.

Question 50

A financial services firm wants to move non-sensitive customer marketing tools to a public cloud provider to save money, while keeping its core transaction engine and sensitive account records inside a secure, private corporate data center. What cloud deployment model is being created? A) Public cloud B) Private cloud C) Hybrid cloud D) Multi-tenant cloud

Rationale: A hybrid cloud environment combines public cloud resources with private cloud infrastructure or on-premise data centers, allowing data and applications to be shared between them based on security, compliance, and cost needs.

Question 51

An organization wants to create an IT policy framework that guarantees computing assets are used in an environmentally sustainable manner, minimizing electrical power consumption in data centers and ensuring electronics are recycled responsibly. What management concept does this focus on? A) Green IT B) Agile infrastructure C) Corporate technical governance D) Total Cost of Ownership reduction Rationale: Green IT refers to the practice of designing, manufacturing, using, and disposing of computers, servers, and associated subsystems efficiently and effectively with minimal or no impact on the environment.

Question 52

A multinational bank wants to track and manage its high-level IT investments by viewing them collectively as an investment portfolio, balancing high-risk innovative software projects against low-risk system maintenance tasks to maximize business return. What is this practice called? A) IT Service Level Governance B) IT Portfolio Management C) Strategic Business-IT Sourcing D) Enterprise Resource Provisioning Rationale: IT Portfolio Management applies conventional investment portfolio theory to an organization's IT infrastructure and software projects, allowing executives to evaluate and fund technology initiatives based on risk, cost, and strategic value.

Question 53

A manufacturing plant implements an enterprise software system that allows its supply chain partners to view its raw inventory levels in real-time. This visibility allows suppliers to automatically ship new materials before the plant runs out. This cross-organizational integration is an example of which type of system?