WGU C845 SSCP EXAM COMPLETE
QUESTIONS AND VERIFIED ANSWERS
\Q\.During what phase of the change management process does the organization conduct peer
review of the change for accuracy and completeness? - ANSWERS✔-Analysis/Impact
Assessment
\Q\.Steve is responsible for work stations that handle proprietary information. What is the best
option for these workstations at the end of their lifecycle? - ANSWERS✔-Sanitization
\Q\.What is the earliest stage of a fire to use detection technology to identify it? - ANSWERS✔-
Incipient
\Q\.What security control would provide the best defense against a threat actor trying to
execute a buffer overflow attack against a custom application? - ANSWERS✔-Parameter
Checking/Input Validation
\Q\.Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in revocation of certification
D. Members who observe a breach of the Code of Ethics are required to report the possible
violation - ANSWERS✔-B.
,\Q\.Under what type of software license does the recipient of software have an unlimited right
to copy, modify, distribute, or resell a software package? - ANSWERS✔-Public Domain
\Q\.What should Steve do if a FAR/FRR diagram does not provide an acceptable performance
level for his organization's needs? - ANSWERS✔-Assess other biometric systems to compare
them since the CER is used to assess biometric devices.
\Q\.What is the CER in biometric device measurment? - ANSWERS✔-Crossover Error Rate is the
number that results when a biometric device is adjusted to provide equal false acceptance and
false rejection rates.
\Q\.What type of access control would be the best choice for a person that would like to
support a declaration like "Only allow access to customer service on managed devices on the
wireless network between 8 am and 7 pm"? - ANSWERS✔-Attribute Based Access Control ABAC
\Q\.What is the benefit of an ABAC over a RBAC? - ANSWERS✔-An ABAC can be more specific
thus more flexible
\Q\.What is the primary advantage of decentralized access control? - ANSWERS✔-It provides
control of access to people closer to the resources
\Q\.How are rules set in ABAC systems? - ANSWERS✔-Uses boolean logic statements which
allow it to be more flexible than RBAC for temporary rules such as to allow time limited access.
\Q\.Which of the following is best described as an access control model that focuses on subjects
and identifies the objects that each subject can access?
A. Access control list
B. Capability Table
C. Implicit denial list
,D. Rights Management Matrix - ANSWERS✔-B
\Q\.Adam is accessing a standalone file server using a username and password provided by the
server administrator. Which one of the following entities is guaranteed to have information
necessary to complete the authorization process?
A. File Server
B. Adam
C. Server Administrator
D. Adam's Supervisor - ANSWERS✔-A. The file server has the correct information on what
activities Adam is AUTHORIZED to perform
\Q\.A new member at a 24 hour gym that uses fingerprints to gain access after hours is
surprised to find out that he is registering as a different member. What type of biometric factor
error occurred? - ANSWERS✔-Since he was accepted as a different member this was a Type 2
(false positive) error. If he was not accepted and the door remained locked it would have been a
Type 1 (false negative) error.
\Q\.You are tasked with adjusting your organizations password requirements to make them align
with best practices from NIST. What should you set password expiration to? - ANSWERS✔-NIST
Special Publication 800-63b suggests that organizations should not impose password expiration
requirements on end users
\Q\.What access control scheme labels subjects and objects and allows subjects to access
objects when labels match? - ANSWERS✔-Mandatory Access Control (MAC)
\Q\.Mandatory Access Control is based on what type of model? - ANSWERS✔-Lattice Based
\Q\.You need to create a trust relationship between your company and a vendor. You need to
implement the system so that it will allow users from the vendor's organization to access your
accounts payable system using the accounts created for them by the vendor. What type of
, authentication do you need to implement? - ANSWERS✔-This type of authentication, where
one domain trusts users from another domain, is called federation.
\Q\.Users change job positions quite often at your new company. Which type of access control
would make it easier to allow administrators to adjust permissions when these changes occur?
A. Role-Based Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Rule-Based Access Control - ANSWERS✔-A Role-Based Access Control would assign
permission to roles and then the administrator would simply adjust the role of the user when he
or she changes jobs
\Q\.Which of the following authenticators is appropriate to use by itself rather than in
combination with other biometric factors?
A. Voice pattern recognition
B. Hand geometry
C. Palm scans
D. Heart/pulse patterns - ANSWERS✔-C. Palm scans compare the vein patterns in the palm to a
database to authenticate a user.
\Q\.As part of hiring a new employee, Sven's identity management team creates a new user
object and ensures that the user object is available in the directories and systems where it is
needed. What is this process called? - ANSWERS✔-Provisioning includes the creation,
maintenance, and removal of user objects from applications, systems, and directories.
\Q\.The Linux filesystem allows the owners of objects to determine the access rights that
subjects have to them. What type of access control does Linux use? - ANSWERS✔-Discretionary
Access Control
QUESTIONS AND VERIFIED ANSWERS
\Q\.During what phase of the change management process does the organization conduct peer
review of the change for accuracy and completeness? - ANSWERS✔-Analysis/Impact
Assessment
\Q\.Steve is responsible for work stations that handle proprietary information. What is the best
option for these workstations at the end of their lifecycle? - ANSWERS✔-Sanitization
\Q\.What is the earliest stage of a fire to use detection technology to identify it? - ANSWERS✔-
Incipient
\Q\.What security control would provide the best defense against a threat actor trying to
execute a buffer overflow attack against a custom application? - ANSWERS✔-Parameter
Checking/Input Validation
\Q\.Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in revocation of certification
D. Members who observe a breach of the Code of Ethics are required to report the possible
violation - ANSWERS✔-B.
,\Q\.Under what type of software license does the recipient of software have an unlimited right
to copy, modify, distribute, or resell a software package? - ANSWERS✔-Public Domain
\Q\.What should Steve do if a FAR/FRR diagram does not provide an acceptable performance
level for his organization's needs? - ANSWERS✔-Assess other biometric systems to compare
them since the CER is used to assess biometric devices.
\Q\.What is the CER in biometric device measurment? - ANSWERS✔-Crossover Error Rate is the
number that results when a biometric device is adjusted to provide equal false acceptance and
false rejection rates.
\Q\.What type of access control would be the best choice for a person that would like to
support a declaration like "Only allow access to customer service on managed devices on the
wireless network between 8 am and 7 pm"? - ANSWERS✔-Attribute Based Access Control ABAC
\Q\.What is the benefit of an ABAC over a RBAC? - ANSWERS✔-An ABAC can be more specific
thus more flexible
\Q\.What is the primary advantage of decentralized access control? - ANSWERS✔-It provides
control of access to people closer to the resources
\Q\.How are rules set in ABAC systems? - ANSWERS✔-Uses boolean logic statements which
allow it to be more flexible than RBAC for temporary rules such as to allow time limited access.
\Q\.Which of the following is best described as an access control model that focuses on subjects
and identifies the objects that each subject can access?
A. Access control list
B. Capability Table
C. Implicit denial list
,D. Rights Management Matrix - ANSWERS✔-B
\Q\.Adam is accessing a standalone file server using a username and password provided by the
server administrator. Which one of the following entities is guaranteed to have information
necessary to complete the authorization process?
A. File Server
B. Adam
C. Server Administrator
D. Adam's Supervisor - ANSWERS✔-A. The file server has the correct information on what
activities Adam is AUTHORIZED to perform
\Q\.A new member at a 24 hour gym that uses fingerprints to gain access after hours is
surprised to find out that he is registering as a different member. What type of biometric factor
error occurred? - ANSWERS✔-Since he was accepted as a different member this was a Type 2
(false positive) error. If he was not accepted and the door remained locked it would have been a
Type 1 (false negative) error.
\Q\.You are tasked with adjusting your organizations password requirements to make them align
with best practices from NIST. What should you set password expiration to? - ANSWERS✔-NIST
Special Publication 800-63b suggests that organizations should not impose password expiration
requirements on end users
\Q\.What access control scheme labels subjects and objects and allows subjects to access
objects when labels match? - ANSWERS✔-Mandatory Access Control (MAC)
\Q\.Mandatory Access Control is based on what type of model? - ANSWERS✔-Lattice Based
\Q\.You need to create a trust relationship between your company and a vendor. You need to
implement the system so that it will allow users from the vendor's organization to access your
accounts payable system using the accounts created for them by the vendor. What type of
, authentication do you need to implement? - ANSWERS✔-This type of authentication, where
one domain trusts users from another domain, is called federation.
\Q\.Users change job positions quite often at your new company. Which type of access control
would make it easier to allow administrators to adjust permissions when these changes occur?
A. Role-Based Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Rule-Based Access Control - ANSWERS✔-A Role-Based Access Control would assign
permission to roles and then the administrator would simply adjust the role of the user when he
or she changes jobs
\Q\.Which of the following authenticators is appropriate to use by itself rather than in
combination with other biometric factors?
A. Voice pattern recognition
B. Hand geometry
C. Palm scans
D. Heart/pulse patterns - ANSWERS✔-C. Palm scans compare the vein patterns in the palm to a
database to authenticate a user.
\Q\.As part of hiring a new employee, Sven's identity management team creates a new user
object and ensures that the user object is available in the directories and systems where it is
needed. What is this process called? - ANSWERS✔-Provisioning includes the creation,
maintenance, and removal of user objects from applications, systems, and directories.
\Q\.The Linux filesystem allows the owners of objects to determine the access rights that
subjects have to them. What type of access control does Linux use? - ANSWERS✔-Discretionary
Access Control
