WGU C845 Information Systems
Security and SSCP Study Questions
with 100% Correct Answers
1. AAA, Triple A - ANSWER Referred to as the AAA of access control:
authentication, authorization, and accounting
2. algorithm - ANSWER A mathematical function cryptographic algorithm
that encrypts or decrypts text
3. During what phase of the change management process does the organization
conduct peer review of the change for accuracy and completeness? -
ANSWER Analysis/Impact Assessment
4. Steve is responsible for work stations that handle proprietary information.
What is the best option for these workstations at the end of their lifecycle? -
ANSWER Sanitization
5. What is the earliest stage of a fire to use detection technology to identify it? -
ANSWER Incipient
6. What security control would provide the best defense against a threat actor
trying to execute a buffer overflow attack against a custom application? -
ANSWER Parameter Checking/Input Validation
7. Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
, C. Failure to comply with the Code of Ethics could result in revocation
of certification
D. Members who observe a breach of the Code of Ethics are required to
report the possible violation - ANSWER B.
8. Under what type of software license does the recipient of software have an
unlimited right to copy, modify, distribute, or resell a software package? -
ANSWER Public Domain
9. What should Steve do if a FAR/FRR diagram does not provide an acceptable
performance level for his organization's needs? - ANSWER Assess other
biometric systems to compare them since the CER is used to assess
biometric devices.
10.What is the CER in biometric device measurement? - ANSWER Crossover
Error Rate is the number that results when a biometric device is adjusted to
provide equal false acceptance and false rejection rates.
11.What type of access control would be the best choice for a person that would
like to support a declaration like "Only allow access to customer service on
managed devices on the wireless network between 8 am and 7 pm"? -
ANSWER Attribute Based Access Control ABAC
12.What is the benefit of an ABAC over a RBAC? - ANSWER An ABAC can
be more specific thus more flexible
13.What is the primary advantage of decentralized access control? - ANSWER
It provides control of access to people closer to the resources
,14.How are rules set in ABAC systems? - ANSWER Uses boolean logic
statements which allow it to be more flexible than RBAC for temporary
rules such as to allow time limited access.
15.Which of the following is best described as an access control model that
focuses on subjects and identifies the objects that each subject can access?
A. Access control list
B. Capability Table
C. Implicit denial list
D. Rights Management Matrix - ANSWER B
16.Adam is accessing a standalone file server using a username and password
provided by the server administrator. Which one of the following entities is
guaranteed to have information necessary to complete the authorization
process?
A. File Server
B. Adam
C. Server Administrator
D. Adam's Supervisor - ANSWER A. The file server has the correct
information on what activities Adam is AUTHORIZED to perform
17.A new member at a 24 hour gym that uses fingerprints to gain access after
hours is surprised to find out that he is registering as a different member.
What type of biometric factor error occurred? - ANSWER Since he was
accepted as a different member this was a Type 2 (false positive) error. If he
was not accepted and the door remained locked it would have been a Type 1
(false negative) error.
18.You are tasked with adjusting your organizations password requirements to
make them align with best practices from NIST. What should you set
password expiration to? - ANSWER NIST Special Publication 800-63b
suggests that organizations should not impose password expiration
requirements on end users
, 19.What access control scheme labels subjects and objects and allows subjects
to access objects when labels match? - ANSWER Mandatory Access
Control (MAC)
20.Mandatory Access Control is based on what type of model? - ANSWER
Lattice Based
21.You need to create a trust relationship between your company and a vendor.
You need to implement the system so that it will allow users from the
vendor's organization to access your accounts payable system using the
accounts created for them by the vendor. What type of authentication do you
need to implement? - ANSWER This type of authentication, where one
domain trusts users from another domain, is called federation.
22.Users change job positions quite often at your new company. Which type of
access control would make it easier to allow administrators to adjust
permissions when these changes occur?
A. Role-Based Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Rule-Based Access Control - ANSWER A Role-Based Access
Control would assign permission to roles and then the administrator
would simply adjust the role of the user when he or she changes jobs
23.Which of the following authenticators is appropriate to use by itself rather
than in combination with other biometric factors?
A. Voice pattern recognition
B. Hand geometry
C. Palm scans
D. Heart/pulse patterns - ANSWER C. Palm scans compare the vein
patterns in the palm to a database to authenticate a user.
Security and SSCP Study Questions
with 100% Correct Answers
1. AAA, Triple A - ANSWER Referred to as the AAA of access control:
authentication, authorization, and accounting
2. algorithm - ANSWER A mathematical function cryptographic algorithm
that encrypts or decrypts text
3. During what phase of the change management process does the organization
conduct peer review of the change for accuracy and completeness? -
ANSWER Analysis/Impact Assessment
4. Steve is responsible for work stations that handle proprietary information.
What is the best option for these workstations at the end of their lifecycle? -
ANSWER Sanitization
5. What is the earliest stage of a fire to use detection technology to identify it? -
ANSWER Incipient
6. What security control would provide the best defense against a threat actor
trying to execute a buffer overflow attack against a custom application? -
ANSWER Parameter Checking/Input Validation
7. Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
, C. Failure to comply with the Code of Ethics could result in revocation
of certification
D. Members who observe a breach of the Code of Ethics are required to
report the possible violation - ANSWER B.
8. Under what type of software license does the recipient of software have an
unlimited right to copy, modify, distribute, or resell a software package? -
ANSWER Public Domain
9. What should Steve do if a FAR/FRR diagram does not provide an acceptable
performance level for his organization's needs? - ANSWER Assess other
biometric systems to compare them since the CER is used to assess
biometric devices.
10.What is the CER in biometric device measurement? - ANSWER Crossover
Error Rate is the number that results when a biometric device is adjusted to
provide equal false acceptance and false rejection rates.
11.What type of access control would be the best choice for a person that would
like to support a declaration like "Only allow access to customer service on
managed devices on the wireless network between 8 am and 7 pm"? -
ANSWER Attribute Based Access Control ABAC
12.What is the benefit of an ABAC over a RBAC? - ANSWER An ABAC can
be more specific thus more flexible
13.What is the primary advantage of decentralized access control? - ANSWER
It provides control of access to people closer to the resources
,14.How are rules set in ABAC systems? - ANSWER Uses boolean logic
statements which allow it to be more flexible than RBAC for temporary
rules such as to allow time limited access.
15.Which of the following is best described as an access control model that
focuses on subjects and identifies the objects that each subject can access?
A. Access control list
B. Capability Table
C. Implicit denial list
D. Rights Management Matrix - ANSWER B
16.Adam is accessing a standalone file server using a username and password
provided by the server administrator. Which one of the following entities is
guaranteed to have information necessary to complete the authorization
process?
A. File Server
B. Adam
C. Server Administrator
D. Adam's Supervisor - ANSWER A. The file server has the correct
information on what activities Adam is AUTHORIZED to perform
17.A new member at a 24 hour gym that uses fingerprints to gain access after
hours is surprised to find out that he is registering as a different member.
What type of biometric factor error occurred? - ANSWER Since he was
accepted as a different member this was a Type 2 (false positive) error. If he
was not accepted and the door remained locked it would have been a Type 1
(false negative) error.
18.You are tasked with adjusting your organizations password requirements to
make them align with best practices from NIST. What should you set
password expiration to? - ANSWER NIST Special Publication 800-63b
suggests that organizations should not impose password expiration
requirements on end users
, 19.What access control scheme labels subjects and objects and allows subjects
to access objects when labels match? - ANSWER Mandatory Access
Control (MAC)
20.Mandatory Access Control is based on what type of model? - ANSWER
Lattice Based
21.You need to create a trust relationship between your company and a vendor.
You need to implement the system so that it will allow users from the
vendor's organization to access your accounts payable system using the
accounts created for them by the vendor. What type of authentication do you
need to implement? - ANSWER This type of authentication, where one
domain trusts users from another domain, is called federation.
22.Users change job positions quite often at your new company. Which type of
access control would make it easier to allow administrators to adjust
permissions when these changes occur?
A. Role-Based Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Rule-Based Access Control - ANSWER A Role-Based Access
Control would assign permission to roles and then the administrator
would simply adjust the role of the user when he or she changes jobs
23.Which of the following authenticators is appropriate to use by itself rather
than in combination with other biometric factors?
A. Voice pattern recognition
B. Hand geometry
C. Palm scans
D. Heart/pulse patterns - ANSWER C. Palm scans compare the vein
patterns in the palm to a database to authenticate a user.
