




























































































WGU C954 Information Technology Management OA Study Guide: Practice Questions & Rationales (2026–2028) Pass your Western Governors University C954 objective assessment on the first attempt with this high-yield IT Management study guide engineered for the 2026–2028 curriculum. This resource features realistic practice questions, correct answers, and thorough operational rationales covering IT governance frameworks, strategic alignment tools, security compliance, and technology rollout methodologies. Ideal for accelerating your pre-assessment remediation, sharpening your business-IT decision-making matrix, and securing your IT management degree.
Typology: Exams





























































































Prepare for the WGU C954 Information Technology Management Objective Assessment with this comprehensive study guide featuring original practice questions, accurate answers, and detailed rationales. Covers IT strategy, information systems, cybersecurity, risk management, project management, IT governance, leadership, innovation, and business technology concepts aligned with the course competencies. Perfect for focused review, self-assessment, and building confidence before your WGU C954 Objective Assessment.
An IT director is evaluating how to implement a new enterprise system. The director focuses on ensuring that the technology directly supports the company’s objective of reducing customer churn by 15%. This scenario is an example of which management concept? A) Technological determinism B) Total Cost of Ownership optimization C) Business-IT alignment D) Infrastructure redundancy Rationale: Business-IT alignment is the continuous process of matching an organization's IT strategy and investments with its overarching business goals, ensuring that technology serves as a tool to achieve strategic objectives rather than operating in a silo.
A large hospital chain wants to adopt a cloud computing platform to handle data processing. However, due to strict healthcare compliance regulations, they must keep control over where sensitive patient data is physically stored. Which cloud deployment model should the Chief Information Officer (CIO) choose? A) Public cloud B) Private cloud C) Community cloud D) Open-source cloud
Rationale: A private cloud is provisioned for exclusive use by a single organization. It offers the highest level of control, security, and data sovereignty, making it ideal for industries with strict regulatory compliance mandates like healthcare or finance.
A startup company needs to implement an office productivity suite but does not want to purchase hardware, manage operating system licenses, or handle software patches. They choose a web-based service where the vendor manages everything. Which cloud service model does this represent? A) Infrastructure as a Service (IaaS) B) Platform as a Service (PaaS) C) Software as a Service (SaaS) D) Desktop as a Service (DaaS) Rationale: Software as a Service (SaaS) delivers fully functional, end-user applications over the internet. The vendor hosts, manages, patches, and secures the entire infrastructure, leaving the client responsible only for using the application.
An IT manager is preparing a budget proposal to migrate the company's local data center to a public cloud provider. How will this migration alter the company's financial accounting profile? A) Capital Expenditures (CapEx) will decrease, and Operational Expenditures (OpEx) will increase. B) Capital Expenditures (CapEx) will increase, and Operational Expenditures (OpEx) will decrease. C) Both Capital Expenditures and Operational Expenditures will decrease to zero. D) Fixed assets will increase, while variable utility costs will be eliminated. Rationale: Moving to the cloud shifts costs from CapEx (buying physical servers up front, which are depreciated over time) to OpEx (paying for computing resources as a recurring utility or operational subscription).
A software development team is building a critical safety application for an automobile braking system. The requirements are fully known, fixed, and cannot change during
A network engineer uses a cryptographic hashing algorithm to generate a unique digital fingerprint for a system configuration file. Every morning, the system checks the file against this hash to verify it hasn't been altered by malware. This practice protects which pillar of the CIA Triad? A) Confidentiality B) Integrity C) Availability D) Accountability Rationale: Integrity ensures that data remains accurate, complete, and unaltered from its original state. Hashing verifies that a file has not been modified, corrupted, or tampered with by unauthorized parties.
An online retail business undergoes a risk assessment that reveals its web servers are highly vulnerable to distributed denial-of-service (DDoS) attacks. The company decides to purchase a comprehensive insurance policy that covers all financial losses resulting from potential downtime. What risk response strategy was deployed? A) Risk Mitigation B) Risk Avoidance C) Risk Acceptance D) Risk Transfer Rationale: Risk transfer involves shifting the financial consequences or liability of a risk to a third party, such as an insurance provider or an outsourced vendor, without necessarily eliminating the threat itself.
A manufacturing corporation wants to implement an enterprise system that integrates its core processes—including finance, human resources, manufacturing, and inventory management—into a single software platform with a unified database. What type of system should they implement? A) Enterprise Resource Planning (ERP) B) Customer Relationship Management (CRM) C) Supply Chain Management (SCM) D) Knowledge Management System (KMS) Rationale: Enterprise Resource Planning (ERP) software integrates all facets of an operation into a single, unified system, allowing different departments to share information seamlessly and break down data silos.
A corporate security officer installs security cameras, physical badge scanners, and heavy deadbolts on the entrance doors to the primary server room. Which category of security control does this represent? A) Physical control B) Administrative control C) Technical control D) Logical control Rationale: Physical controls are tangible, real-world barriers designed to restrict physical access to property, facilities, or hardware assets (e.g., locks, fences, guards, and biometric doors).
An IT director writes a comprehensive organizational document that mandates annual cybersecurity training for all staff, establishes strict rules for password length, and outlines disciplinary actions for policy violations. What category of security control is this? A) Physical control B) Administrative control C) Technical control D) Operational control Rationale: Administrative controls (also called managerial controls) consist of policies, procedures, training, and guidelines established by management to govern human behavior and reduce risk within an organization.
A financial institution sets up firewalls, installs endpoint anti-malware software on all workstations, and configures complex file access permissions via software access control lists. Which category of security control do these mechanisms fall under?
An IT audit reveals that three separate departments within a logistics company are maintaining their own independent spreadsheets of customer addresses. This has resulted in identical customers having different addresses across the company. What data management issue is occurring? A) Data isolation B) Data redundancy C) Data abstraction D) Data independence Rationale: Data redundancy occurs when the same data field is stored in multiple separate locations within an organization. This often leads to data inconsistency, where different systems hold conflicting records of the truth.
A retail organization plans to implement a new customer relationship management (CRM) software. The CIO schedules pre-launch town halls, user training sessions, and post-launch workshops to help employees transition from their old spreadsheet workflows to the new software. This effort is an application of which discipline? A) Portfolio management B) Business process outsourcing C) Change management D) Business-IT alignment Rationale: Change management is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. It addresses the human side of technological transformations to increase user adoption and minimize resistance.
An e-commerce business experiences a massive server crash. The IT team determines that it will take 4 hours to completely rebuild the servers from backup tapes and bring the web portal back online for customers. What disaster recovery metric does this 4-hour window represent? A) Recovery Point Objective (RPO) B) Recovery Time Objective (RTO) C) Mean Time Between Failures (MTBF) D) Service Level Threshold (SLT)
Rationale: Recovery Time Objective (RTO) is the targeted duration of time within which a business process or IT system must be restored after a disaster or disruption to avoid unacceptable consequences.
A bank decides that in the event of a catastrophic system failure, they cannot afford to lose more than 15 minutes' worth of transaction data. They configure their backup routines to take system snapshots every 15 minutes. What disaster recovery metric dictated this policy? A) Recovery Point Objective (RPO) B) Recovery Time Objective (RTO) C) Maximum Tolerable Downtime (MTD) D) Data Retention Threshold (DRT) Rationale: Recovery Point Objective (RPO) is the maximum age of files or data that an organization must recover from backup storage for normal operations to resume after a disaster. It determines the minimum frequency of backups required.
A credit card processing company must comply with a rigid, industry-mandated security standard that dictates specific requirements for firewall configurations, encryption of cardholder data across public networks, and regular vulnerability tests. Which compliance framework governs this sector? A) PCI-DSS B) HIPAA C) SOX D) FERPA Rationale: The Payment Card Industry Data Security Standard (PCI-DSS) is a widely accepted set of operational and technical policies mandated by major credit card brands to ensure that all companies processing, storing, or transmitting credit card information maintain a secure environment.
A global shipping company wants to store massive amounts of unstructured data, including delivery images, customer audio logs, and raw container tracking data, in its
A streaming service provider handles massive streams of user viewing data generated globally at a rate of millions of events per second. The system must process and analyze this data in real time. Which of the "Three Vs" of Big Data does this extreme speed represent? A) Volume B) Velocity C) Variety D) Veracity Rationale: Velocity refers to the rapid speed at which new data is generated, collected, and processed. Managing high-velocity data requires specialized real-time ingest and analytical architectures.
An IT executive is negotiating a contract with a cloud service provider. The executive ensures the document includes clear, legally binding metrics regarding guaranteed system uptime (e.g., 99.99%) and specific financial penalties if the provider fails to meet them. What is this document called? A) Memorandum of Understanding (MOU) B) Request for Proposal (RFP) C) Service Level Agreement (SLA) D) Statement of Work (SOW) Rationale: A Service Level Agreement (SLA) is a formal contract between a service provider and an end user that explicitly defines the expected level of service, performance metrics, and remedies if standard targets are missed.
A network security team sets up an automated tool at the perimeter of the corporate data center. The tool is designed to monitor incoming network packets, detect known attack signatures, and actively drop malicious connections to prevent them from reaching servers. What type of system is this? A) Intrusion Detection System (IDS) B) Intrusion Prevention System (IPS) C) Proxy server D) Stateful gateway Rationale: An Intrusion Prevention System (IPS) actively monitors network traffic to detect malicious activity and takes immediate, automated steps to block or prevent the threat. An Intrusion Detection System (IDS) only monitors and alerts without taking action.
An employee opens a malicious email attachment that executes a script to encrypt all local documents on their workstation. A pop-up window then demands a payment in cryptocurrency in exchange for the decryption key. What specific category of malware is this? A) Trojan horse B) Spyware C) Ransomware D) Rootkit Rationale: Ransomware is a specific type of malicious software designed to block access to a computer system or encrypt its files until a sum of money or cryptocurrency is paid to the attacker.
A software development team adopts a methodology that breaks down development barriers by completely merging the traditional software writing team with the network operations deployment team. This creates a continuous pipeline of automated testing, integration, and release. What is this paradigm called? A) Lean Six Sigma B) DevOps C) Extreme Programming (XP) D) Component-Based Development Rationale: DevOps (a combination of Development and Operations) is a set of practices and cultural philosophies that automates and integrates the processes between software development and IT operations teams. This focus enables faster, more reliable software builds, tests, and deployments.
Rationale: Full Disk Encryption (FDE) protects data at rest by encrypting the entire storage drive, including the operating system, applications, and user files. If the physical hardware is lost or stolen, the data cannot be accessed without the decryption key.
During a software project, the marketing department repeatedly requests small, additional features to be added to the mobile app development pipeline without any formal adjustments made to the budget or project timeline. What project management risk does this create? A) Scope creep B) Technical debt C) Critical path collapse D) Analysis paralysis Rationale: Scope creep refers to the uncontrolled growth or expansion of a project’s scope without corresponding adjustments to time, cost, or resources. It can derail timelines and cause project failure if not managed via change control.
A software development team conducts daily 15-minute meetings where every member explains what they accomplished yesterday, what they will focus on today, and any roadblocks they face. Which specific framework within Agile methodology are they practicing? A) Lean B) Crystal C) Scrum D) Kanban Rationale: Scrum is an Agile framework characterized by short, fixed-length iterations called sprints and structured meetings, including the daily stand-up (or daily Scrum) used to sync team activities and identify impediments.
An IT department is implementing Kurt Lewin’s Three-Stage Change Model during an enterprise software migration. The IT director holds workshops to break down employee habits and demonstrate why the old, failing system can no longer be used. Which stage is this? A) Unfreezing B) Changing C) Refreezing D) Transforming Rationale: The "Unfreezing" stage involves preparing the organization to accept that change is necessary. It requires breaking down existing assumptions and mindsets to overcome inertia and resistance before implementing new processes.
After a major cloud ERP system upgrade, a company updates its official standard operating procedures (SOPs), ties employee performance bonuses to proper system usage, and locks out access to legacy tools to ensure staff do not revert to old methods. Which stage of Lewin’s Change Model does this represent? A) Unfreezing B) Transitioning C) Refreezing D) Institutionalizing Rationale: "Refreezing" is the final stage of Lewin’s model. It establishes stability once changes have been implemented, institutionalizing the new behaviors into corporate culture and policies so they become the new status quo.
A financial institution wants to verify that its newly developed web portal can withstand deliberate, sophisticated cyberattacks. They hire an ethical hacking firm to simulate an actual cyberattack against their live network infrastructure to find weaknesses. What is this service called? A) Vulnerability scanning B) Penetration testing C) Code auditing D) Risk assessment Rationale: Penetration testing involves authorized, simulated cyberattacks against an organization's systems to evaluate security defenses and identify exploitable vulnerabilities before malicious hackers can discover them.
An IT architect wants to hide multiple internal server network addresses behind a single public-facing IP address on the router, adding a layer of security by obscuring internal network structures from the public internet. Which protocol or service executes this function? A) Dynamic Host Configuration Protocol (DHCP) B) Domain Name System (DNS) C) Network Address Translation (NAT) D) Simple Network Management Protocol (SNMP) Rationale: Network Address Translation (NAT) maps local, private IP addresses within an internal network to one or more public IP addresses before routing traffic to the internet. This conserves IP addresses and hides internal structures from external threats.
A remote worker wants to access secure file repositories located inside the corporate office network while working from a public coffee shop. Which technology should they use to establish an encrypted tunnel over the public internet? A) Secure File Transfer Protocol (SFTP) B) Domain Name System Security Extensions (DNSSEC) C) Virtual Private Network (VPN) D) Transport Layer Security (TLS) Rationale: A Virtual Private Network (VPN) creates a secure, encrypted connection (or tunnel) over a less secure network, such as the public internet, allowing remote users to safely access internal corporate network resources as if they were physically on-premise.
An organization wants to analyze customer data patterns using a structure where data is organized into multi-dimensional arrays or data cubes rather than standard two-dimensional rows and columns, enabling fast executive queries. What type of analytical tool does this describe? A) Relational DBMS B) OLAP multidimensional database C) Flat-file spreadsheet D) Hierarchical database Rationale: OLAP (Online Analytical Processing) systems frequently utilize multidimensional databases that format data into structures called "data cubes." This architecture allows analysts to slice, dice, and view data from various combinations of attributes or dimensions quickly.
A company wants to decrease the load on its internal physical infrastructure by moving its software development platforms to the cloud. Developers will be given access to an environment with pre-installed operating systems, database engines, and software development kits (SDKs) over the internet. Which service model should they purchase? A) Infrastructure as a Service (IaaS) B) Platform as a Service (PaaS) C) Software as a Service (SaaS) D) Hardware as a Service (HaaS) Rationale: Platform as a Service (PaaS) provides a cloud environment that includes operating systems, execution environments, databases, and web servers. This allows users to build and run software applications without managing the underlying hardware or OS layer.
An IT administrator discovers that an employee was able to bypass network filters because the router's software had a known flaw that the manufacturer released a patch for six months ago. What type of security gap does this flaw represent? A) Threat agent B) Vulnerability C) Exploit baseline D) Technical risk Rationale: A vulnerability is a flaw, loophole, or weakness in a system's security procedures, design, implementation, or internal controls that can be exploited by a threat agent to gain unauthorized access.
A retail chain uses a software application to track raw material acquisitions, monitor real-time manufacturing schedules, and coordinate shipping container distributions to regional warehouses. Which type of enterprise system is this? A) Customer Relationship Management (CRM) B) Decision Support System (DSS) C) Supply Chain Management (SCM) D) Executive Information System (EIS) Rationale: Supply Chain Management (SCM) systems oversee the flow of goods, data, and finances as a product moves from raw material sourcing, through manufacturing, to its final delivery at the customer’s destination.
An organization’s data warehouse contains columns labeled "Social Security Number," "Date of Birth," and "Home Address." Under modern data privacy laws like GDPR and CCPA, how are these specific data elements classified? A) Metadata assets B) Personally Identifiable Information (PII) C) Aggregated non-identifying fields D) Structured relational indices Rationale: Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. Protecting PII is a primary goal of modern data privacy legislation, requiring strict handling, storage, and access controls.
A financial services firm wants to move non-sensitive customer marketing tools to a public cloud provider to save money, while keeping its core transaction engine and sensitive account records inside a secure, private corporate data center. What cloud deployment model is being created? A) Public cloud B) Private cloud C) Hybrid cloud D) Multi-tenant cloud
Rationale: A hybrid cloud environment combines public cloud resources with private cloud infrastructure or on-premise data centers, allowing data and applications to be shared between them based on security, compliance, and cost needs.
An organization wants to create an IT policy framework that guarantees computing assets are used in an environmentally sustainable manner, minimizing electrical power consumption in data centers and ensuring electronics are recycled responsibly. What management concept does this focus on? A) Green IT B) Agile infrastructure C) Corporate technical governance D) Total Cost of Ownership reduction Rationale: Green IT refers to the practice of designing, manufacturing, using, and disposing of computers, servers, and associated subsystems efficiently and effectively with minimal or no impact on the environment.
A multinational bank wants to track and manage its high-level IT investments by viewing them collectively as an investment portfolio, balancing high-risk innovative software projects against low-risk system maintenance tasks to maximize business return. What is this practice called? A) IT Service Level Governance B) IT Portfolio Management C) Strategic Business-IT Sourcing D) Enterprise Resource Provisioning Rationale: IT Portfolio Management applies conventional investment portfolio theory to an organization's IT infrastructure and software projects, allowing executives to evaluate and fund technology initiatives based on risk, cost, and strategic value.
A manufacturing plant implements an enterprise software system that allows its supply chain partners to view its raw inventory levels in real-time. This visibility allows suppliers to automatically ship new materials before the plant runs out. This cross-organizational integration is an example of which type of system?