WGU C845 SSCP Questions and Answers Latest Update 2026
Exam Prep
1. What is the GREATEST benefit of decentralized security management?
Reduction of the total cost of ownership
Easier administration
Better alignment of security to business needs
Improved compliance with organizational policies and standards
2. How would you interpret the significance of calculating annualized loss
expectancy for a data center?
It determines the physical security measures needed for the data
center.
Calculating annualized loss expectancy helps in understanding the
financial impact of risks and aids in prioritizing risk management
efforts.
It provides a detailed account of all assets in the data center.
It assesses the effectiveness of the current access control models.
3. Describe the significance of the Crossover Error Rate (CER) in evaluating
biometric systems.
The Crossover Error Rate (CER) indicates the point at which the false
acceptance rate equals the false rejection rate, providing a measure
of the system's accuracy.
The Crossover Error Rate (CER) measures the speed of biometric
authentication processes.
The Crossover Error Rate (CER) is used to determine the cost-
effectiveness of biometric systems.
, The Crossover Error Rate (CER) assesses the user satisfaction level
with biometric devices.
4. From our class discussion, which of the following statements reflects NIST's
recommendations on password management?
NIST recommends using short, complex passwords and changing
them frequently.
NIST endorses the use of easily guessable passwords like '123456' for
ease of memory.
NIST advises using long passphrases and not to change them unless
there is a known breach.
NIST suggests using a combination of upper-case letters, numbers,
and special characters, and changing the password every 90 days.
5. In a scenario where a gym implements a new biometric fingerprint system,
how could a high false acceptance rate impact security?
It would require users to provide additional identification.
It would have no impact on security measures in place.
It could allow unauthorized individuals access to the gym facilities.
It would enhance security by allowing only authorized users access.
6. Describe what happens during a false acceptance error in a biometric access
control system.
A false acceptance error occurs when the system accurately identifies
a user.
A false acceptance error occurs when the system fails to recognize
any user.
, A false acceptance error occurs when the system incorrectly grants
access to an unauthorized user.
A false acceptance error occurs when the system denies access to an
authorized user.
7. How can an employee most effectively make sure that the workstations for
which he is responsible are being checked for compliance and that settings
are being applied as necessary?
Create startup scripts to apply policy at system start
Periodically review the baselines with the data owner and system
owners
Assign users to spot-check baseline compliance
Use MS Group Policy
8. What is the term for the privileges assigned to a user upon account creation
in access control models?
Entitlement
Transitivity
Baseline
Aggregation
9. In a scenario where a user named Adam is attempting to access restricted
files, which entity would be essential for determining whether Adam has the
appropriate permissions?
File Server
Network Firewall
Server Administrator
, Adam's Supervisor
10. Describe how rules are determined in an Attribute-Based Access Control
(ABAC) system.
Rules in ABAC systems are set based solely on user roles.
Rules in ABAC systems are created by a central authority without
considering attributes.
Rules in ABAC systems are fixed and do not change based on
context.
Rules in ABAC systems are determined by evaluating attributes of
users, resources, and the environment.
11. Which STRIDE category is associated with issues arising from the inability to
prove the origin of a transaction?
Tampering
Denial of Service
Information disclosure
Repudiation
12. Describe the significance of the FAR/FRR diagram in evaluating biometric
systems.
The FAR/FRR diagram indicates the cost of implementing biometric
systems.
The FAR/FRR diagram helps assess the performance of biometric
systems by illustrating the trade-off between false acceptances
and false rejections.
The FAR/FRR diagram is used to measure the speed of biometric
systems.
Exam Prep
1. What is the GREATEST benefit of decentralized security management?
Reduction of the total cost of ownership
Easier administration
Better alignment of security to business needs
Improved compliance with organizational policies and standards
2. How would you interpret the significance of calculating annualized loss
expectancy for a data center?
It determines the physical security measures needed for the data
center.
Calculating annualized loss expectancy helps in understanding the
financial impact of risks and aids in prioritizing risk management
efforts.
It provides a detailed account of all assets in the data center.
It assesses the effectiveness of the current access control models.
3. Describe the significance of the Crossover Error Rate (CER) in evaluating
biometric systems.
The Crossover Error Rate (CER) indicates the point at which the false
acceptance rate equals the false rejection rate, providing a measure
of the system's accuracy.
The Crossover Error Rate (CER) measures the speed of biometric
authentication processes.
The Crossover Error Rate (CER) is used to determine the cost-
effectiveness of biometric systems.
, The Crossover Error Rate (CER) assesses the user satisfaction level
with biometric devices.
4. From our class discussion, which of the following statements reflects NIST's
recommendations on password management?
NIST recommends using short, complex passwords and changing
them frequently.
NIST endorses the use of easily guessable passwords like '123456' for
ease of memory.
NIST advises using long passphrases and not to change them unless
there is a known breach.
NIST suggests using a combination of upper-case letters, numbers,
and special characters, and changing the password every 90 days.
5. In a scenario where a gym implements a new biometric fingerprint system,
how could a high false acceptance rate impact security?
It would require users to provide additional identification.
It would have no impact on security measures in place.
It could allow unauthorized individuals access to the gym facilities.
It would enhance security by allowing only authorized users access.
6. Describe what happens during a false acceptance error in a biometric access
control system.
A false acceptance error occurs when the system accurately identifies
a user.
A false acceptance error occurs when the system fails to recognize
any user.
, A false acceptance error occurs when the system incorrectly grants
access to an unauthorized user.
A false acceptance error occurs when the system denies access to an
authorized user.
7. How can an employee most effectively make sure that the workstations for
which he is responsible are being checked for compliance and that settings
are being applied as necessary?
Create startup scripts to apply policy at system start
Periodically review the baselines with the data owner and system
owners
Assign users to spot-check baseline compliance
Use MS Group Policy
8. What is the term for the privileges assigned to a user upon account creation
in access control models?
Entitlement
Transitivity
Baseline
Aggregation
9. In a scenario where a user named Adam is attempting to access restricted
files, which entity would be essential for determining whether Adam has the
appropriate permissions?
File Server
Network Firewall
Server Administrator
, Adam's Supervisor
10. Describe how rules are determined in an Attribute-Based Access Control
(ABAC) system.
Rules in ABAC systems are set based solely on user roles.
Rules in ABAC systems are created by a central authority without
considering attributes.
Rules in ABAC systems are fixed and do not change based on
context.
Rules in ABAC systems are determined by evaluating attributes of
users, resources, and the environment.
11. Which STRIDE category is associated with issues arising from the inability to
prove the origin of a transaction?
Tampering
Denial of Service
Information disclosure
Repudiation
12. Describe the significance of the FAR/FRR diagram in evaluating biometric
systems.
The FAR/FRR diagram indicates the cost of implementing biometric
systems.
The FAR/FRR diagram helps assess the performance of biometric
systems by illustrating the trade-off between false acceptances
and false rejections.
The FAR/FRR diagram is used to measure the speed of biometric
systems.
