John works in an organization. He is trying to insert a password to log in his account on
the organization's login website. Which of the following best describes the use of
passwords for access control? - answer Authentication
What is the primary benefit of a security camera for physical security? - answer
Detective
Why is it important to perform a physical security assessment after a fire, chemical
release, or bomb false alarm? - answer The event could have been triggered as a
distraction to alter physical security mechanisms.
What type of access control is typically the first line of defense? - answer Physical
What is the condition of an IDS security assessment reporting that an event of concern
has taken place, but when later analyzed it is determined that the event was benign and
should not have caused an IDS alert? - answer False Positive
Your organization experienced an impersonation attack recently that compromised the
network administrator's user account. In response, new security measures are being
implemented throughout the organization. You have been assigned the task of
improving authentication. You want a new authentication system that ensures the
following:
Eavesdropped passwords cannot be used by an attacker.
Passwords are only able to be used once.
Password prediction must be prevented.
Passwords are only valid for a short period of time.
How can you accomplish these goals? - answer Implement a synchronized, one-time
password token-based authentication system.
Which of the following is an example of single-factor authentication being used to gain
access to a computer system? - answer Using a username and a 16-character password
How can a user be given the power to set privileges on an object for other users when
within a DAC operating system? - answer Grant the user full control over the object.
Which of the following are examples of a non-discretionary access control system?
Each correct answer represents a complete solution. Choose all that apply. -
answer MAC (Mandatory Access Control),
RBAC (Role Based Access Control),
ABAC (Attribute-Based Access Control)
Which of the following clearance levels or classification labels is not generally used in a
government- or military-based MAC scheme? - answer Proprietary
How are the access control schemes of MAC and RBAC distinguished from DAC? -
answer They are not based on user decisions.
How is role-based access control implemented? - answer By assigning a job name label
to subjects
How can account provisioning be configured so that the assignment of rights and
privileges is nearly automatic once the account is created? - answer Use an RBAC
mechanism where a new user's role is set by an HR admin.
How can account provisioning be configured so that the assignment of rights and
privileges is nearly automatic once the account is created? - answer Have the user type
in the username and password a second time
What is user entitlement? - answer The rights and privileges assigned to a user
Your organization is using Kerberos for private network authentication. How does
Kerberos demonstrate to a resource host that the identity of a user is valid? - answer An
ST is issued to the user, which is then sent to the resource host.
What is the technology that enables a user to authenticate to a company network from
their assigned workstation and then be able to interact with resources throughout the
private network without needing to enter additional credentials? - answerSingle Sign-On
You are starting a new website. You want to quickly allow users to begin using your site
without having the hassle of creating a new user account. You set up a one-way trust
federated access link from your website to the three major social networks. Why should
you use a one-way trust in this configuration rather than a two-way trust in this
scenario? - answer A one-way trust allows your website to trust the user accounts of the
social networks without requiring the social networks to trust your website.
Your company is partnering with Verigon to produce a new suite of services for the
financial industry. To create and support these new services, both organizations will
need to share content and perform collaborative work. The new services are to be
offered only to pre-selected and invited clients, rather than being sold openly. How can
this new service be configured without significantly increasing the risk to either
company's private networks? - answer Set up the new service in an extranet and provide
VPN credentials to Verigon and invited clients.