CERTIFICATION SCRIPT 2026 DETAILED
ANSWERS PASSED FIRST ATTEMPT
GRADED A+
⩥ Steve is responsible for workstations that handle proprietary
information. What is the best option for these workstations at the end of
their lifecycle? Answer: Sanitization
⩥ What is the earliest stage of a fire to use detection technology to
identify it? Answer: Incipient
⩥ What security control would provide the best defense against a threat
actor trying to execute a buffer overflow attack against a custom
application? Answer: Parameter Checking/Input Validation
⩥ Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of certification
B. The Code of Ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in revocation
of certification
D. Members who observe a breach of the Code of Ethics are required to
report the possible violation
Answer: B.
⩥ Under what type of software license does the recipient of software
have an unlimited right to copy, modify, distribute, or resell a software
package? Answer: Public Domain
⩥ What should Steve do if a FAR/FRR diagram does not provide an
acceptable performance level for his organization's needs? Answer:
Assess other biometric systems to compare them since the CER is used
to assess biometric devices.
⩥ What is the CER in biometric device measurement? Answer: Crossover
Error Rate is the number that results when a biometric device is adjusted
to provide equal false acceptance and false rejection rates.
⩥ What type of access control would be the best choice for a person that
would like to support a declaration like "Only allow access to customer
service on managed devices on the wireless network between 8 am and 7
pm"? Answer: Attribute Based Access Control ABAC
⩥ What is the benefit of ABAC over RBAC? Answer: ABAC
can be more specific and thus more flexible.
⩥ What is the primary advantage of decentralized access control?
Answer: It provides control of access to people closer to the resources
⩥ How are rules set in ABAC systems? Answer: ABAC uses Boolean logic
statements, which allow it to be more flexible than RBAC for temporary
rules such as allowing time-limited access.
⩥ Which of the following is best described as an access control model
that focuses on subjects and identifies the objects that each subject can
access?
A. Access control list
B. Capability table
C. Implicit denial list
D. Rights management matrix
Answer: B
⩥ Adam is accessing a standalone file server using a username and
password provided by the server administrator. Which one of the
following entities is guaranteed to have the information necessary to
complete the authorization process?
A. File server
B. Adam
C. Server administrator
D. Adam's supervisor
Answer: A. The file server has the correct information on what
activities Adam is AUTHORIZED to perform.
⩥ A new member at a 24-hour gym that uses fingerprints to gain access
after hours is surprised to find out that he is registering as a different
member. What type of biometric factor error occurred? Answer: Since he
was accepted as a different member, this was a Type 2 (false positive)
error. If he had not been accepted and the door had remained locked, it
would have been a Type 1 (false negative) error.
⩥ You are tasked with adjusting your organization's password
requirements to make them align with best practices from NIST. What
should you set password expiration to? Answer: NIST Special
Publication 800-63B suggests that organizations should not impose
password expiration requirements on end users.
⩥ What access control scheme labels subjects and objects and allows
subjects to access objects when labels match? Answer: Mandatory
Access Control (MAC)
⩥ Mandatory Access Control is based on what type of model? Answer:
Lattice Based
⩥ You need to create a trust relationship between your company and a
vendor. You need to implement the system so that it will allow users
from the vendor's organization to access your accounts payable system
using the accounts created for them by the vendor. What type of
authentication do you need to implement? Answer: This type of
authentication, where one domain trusts users from another domain, is
called federation.