WGU C845 Information Systems Security SSCP
Comprehensive Resource To Help You Ace 2026-2027
Includes Frequently Tested Questions With ELABORATED
100% Correct COMPLETE SOLUTIONS
Guaranteed Pass First Attempt!!
Current Update!!
1. What are the 6 steps in the NIST Risk Management Framework found in the
NIST SP ___-__? - ANSWER Categorize Information Systems
Select Security Controls
Implement Security Controls
Access Security Controls
Authorize Information Systems
Monitor Security Controls
2. These are centralized documents used to track information about the risks
facing an organization and their current status. They contain a description of
each risk , ac categorization scheme a risk assessment (probability and
impact), and risk mitigation actions. - ANSWER Risk Registers
3. This shares risk information across organizations and may be used strategically
and/or operationally. - ANSWER Threat Intelligence
,4. Threat intelligence often includes __________ __ __________ that are telltale
signs of malicious activity. - ANSWER Indicatitors of Compromise (IOC)
5. This identifies and prioritized threats through a structured approach. -
ANSWER Threat Modeling
6. There are 3 major approaches to threat identification: - ANSWER
Asset Focused
Threat Focused
Service Focused
7. This threat identification approach uses the asset inventory as the basis for the
analysis - ANSWER Asset Focused
8. This threat identification approach identifies how specific threats may affect
each information system. - ANSWER Threat Focused
9. This threat identification approach identifies the impact of various threats on
a specific service. - ANSWER Service Focused
10. These verify that a control is functioning properly. - ANSWER Security
Tests
11. These are comprehensive reviews of the security of a system, application, or
other tested environment. - ANSWER Security Assessments
,12. These use testing and assessment techniques but are performed by
independent auditors. - ANSWER Security Audits
13. There are three types of security audits: - ANSWER Internal
External
Third-Party
14. These security audits are performed by an organization's internal audit staff,
normally led by a Chief Audit Executive who reports directly to the CEO. -
ANSWER Internal Audits
15. These security audits are performed by an outside auditing firm. - ANSWER
External Audits
16. These security audits are conducted by, or on behalf of, another organization,
such as a regulator. - ANSWER Third-Party Audits
17. Organizations that provide services to other
organizations may conduct audits under ____ __. - ANSWER SSAE 16
18. Two different types of reports when conducting audits: - ANSWER Type I
Type II
, 19. This type of report provides a description of the controls in place, as
described by the audited organization, and the auditor's opinion whether the
controls described are sufficient. The auditor does not test the controls. -
ANSWER Type I Report
20. This type of report documents engagements where the auditor actually tests
the controls and provides an opinion on their effectiveness. - ANSWER
Type II Report
Three commonly used standards for cybersecurity audits. - ANSWER COBIT
ISO 27001
ISO 27002
Developers and security professionals use a variety of ________ _______
techniques to verify that they are building secure and effective software. -
ANSWER Software Testing
Software testing technique that ensures that software meets business
requirements. It answers the question "Are we building the right software?" -
ANSWER Validation
Software testing technique that ensures that the software functions correctly. It
answers the question "Are we building the software right?" - ANSWER
Verification
Comprehensive Resource To Help You Ace 2026-2027
Includes Frequently Tested Questions With ELABORATED
100% Correct COMPLETE SOLUTIONS
Guaranteed Pass First Attempt!!
Current Update!!
1. What are the 6 steps in the NIST Risk Management Framework found in the
NIST SP ___-__? - ANSWER Categorize Information Systems
Select Security Controls
Implement Security Controls
Access Security Controls
Authorize Information Systems
Monitor Security Controls
2. These are centralized documents used to track information about the risks
facing an organization and their current status. They contain a description of
each risk , ac categorization scheme a risk assessment (probability and
impact), and risk mitigation actions. - ANSWER Risk Registers
3. This shares risk information across organizations and may be used strategically
and/or operationally. - ANSWER Threat Intelligence
,4. Threat intelligence often includes __________ __ __________ that are telltale
signs of malicious activity. - ANSWER Indicatitors of Compromise (IOC)
5. This identifies and prioritized threats through a structured approach. -
ANSWER Threat Modeling
6. There are 3 major approaches to threat identification: - ANSWER
Asset Focused
Threat Focused
Service Focused
7. This threat identification approach uses the asset inventory as the basis for the
analysis - ANSWER Asset Focused
8. This threat identification approach identifies how specific threats may affect
each information system. - ANSWER Threat Focused
9. This threat identification approach identifies the impact of various threats on
a specific service. - ANSWER Service Focused
10. These verify that a control is functioning properly. - ANSWER Security
Tests
11. These are comprehensive reviews of the security of a system, application, or
other tested environment. - ANSWER Security Assessments
,12. These use testing and assessment techniques but are performed by
independent auditors. - ANSWER Security Audits
13. There are three types of security audits: - ANSWER Internal
External
Third-Party
14. These security audits are performed by an organization's internal audit staff,
normally led by a Chief Audit Executive who reports directly to the CEO. -
ANSWER Internal Audits
15. These security audits are performed by an outside auditing firm. - ANSWER
External Audits
16. These security audits are conducted by, or on behalf of, another organization,
such as a regulator. - ANSWER Third-Party Audits
17. Organizations that provide services to other
organizations may conduct audits under ____ __. - ANSWER SSAE 16
18. Two different types of reports when conducting audits: - ANSWER Type I
Type II
, 19. This type of report provides a description of the controls in place, as
described by the audited organization, and the auditor's opinion whether the
controls described are sufficient. The auditor does not test the controls. -
ANSWER Type I Report
20. This type of report documents engagements where the auditor actually tests
the controls and provides an opinion on their effectiveness. - ANSWER
Type II Report
Three commonly used standards for cybersecurity audits. - ANSWER COBIT
ISO 27001
ISO 27002
Developers and security professionals use a variety of ________ _______
techniques to verify that they are building secure and effective software. -
ANSWER Software Testing
Software testing technique that ensures that software meets business
requirements. It answers the question "Are we building the right software?" -
ANSWER Validation
Software testing technique that ensures that the software functions correctly. It
answers the question "Are we building the software right?" - ANSWER
Verification
