SSCP PRACTICE QUESTIONS WGU C845 UPDATED EXAM WITH MOST TESTED QUESTIONS AND ANSWERS | GRADED A+ | ASSURED SUCCESS WITH DETAILED RATIONALES
1. What can be defined as a table of subjects and objects indicating what actions individual
subjects can take upon individual objects?
A. A capacity table
B. An access control list
C. An access control matrix
D. A capability table
Rationale: An access control matrix is a two-dimensional table that maps subjects (users,
processes) to objects (files, resources) and specifies the access rights each subject has for each
object. It is a conceptual model used in access control systems.
2. Which access control model is best suited in an environment where a high security level is
required and where it is desired that only the administrator grants access control?
A. DAC
B. MAC
C. Access control matrix
D. TACACS
Rationale: Mandatory Access Control (MAC) is a strict, centrally administered model where
security labels are assigned to subjects and objects. Access decisions are based on these labels,
and administrators control all permissions, making it ideal for high-security environments like
military or government systems.
3. Which access control model provides upper and lower bounds of access capabilities for a
subject?
A. Role-based access control
B. Lattice-based access control
C. Biba access control
D. Content-dependent access control
Rationale: Lattice-based access control is a mathematical model that defines a subject’s access
level within a hierarchical structure (lattice). It provides both a least upper bound and greatest
lower bound for access, ensuring subjects operate within predefined security levels.
4. How are memory cards and smart cards different?
A. Memory cards normally hold more memory than smart cards
B. Smart cards provide two-factor authentication whereas memory cards don't
C. Memory cards have no processing power
D. Only smart cards can be used for ATM cards
Rationale: Memory cards only store data and have no internal processor, while smart
cards contain a microprocessor that can process data, perform encryption, and support
multifactor authentication.
5. Why do buffer overflows happen? What is the main cause?
A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory
Rationale: Buffer overflows occur when an application fails to properly validate input size,
allowing data to exceed the allocated buffer space and overwrite adjacent memory. This is
typically due to poor coding practices and lack of input validation.
6. What is the main focus of the Bell-LaPadula security model?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
Rationale: The Bell-LaPadula model is designed to protect confidentiality in multilevel security
systems. It uses security labels and enforces rules like no read up (simple security
property) and no write down (star property) to prevent unauthorized disclosure.
7. Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT
making use of the strong star property?
A. It allows "read up."
B. It addresses covert channels.
C. It addresses management of access controls.
D. It allows "write up."
Rationale: Without the strong star property (which combines the simple security and star
properties), the Bell-LaPadula model may allow a subject at a lower security level to write up to a
higher level, potentially creating a covert channel.
8. Which security model introduces access to objects only through programs?
A. The Biba model
B. The Bell-LaPadula model
C. The Clark-Wilson model
D. The information flow model
Rationale: The Clark-Wilson model enforces integrity by requiring that access to objects occurs
only through well-defined transformation procedures (TPs) and constrained data items (CDIs),
ensuring controlled and auditable operations.
9. Which security model ensures that actions that take place at a higher security level do not
affect actions that take place at a lower level?
A. The Bell-LaPadula model
B. The information flow model
C. The noninterference model
D. The Clark-Wilson model
Rationale: The noninterference model ensures that activities at a higher security level do not
interfere with or affect lower-level processes, preventing information leakage through indirect
channels.
10. Which of the following security models does NOT concern itself with the flow of data?
A. The information flow model
B. The Biba model
C. The Bell-LaPadula model
D. The noninterference model
Rationale: While the noninterference model focuses on preventing interference between
security levels, it does not explicitly model data flow. In contrast, Biba, Bell-LaPadula, and
information flow models all address data flow directly.
11. What Orange Book security rating is reserved for systems that have been evaluated but fail
to meet the criteria and requirements of the higher divisions?
A. A
B. D
C. E
D. F
Rationale: In the TCSEC (Orange Book), Division D is the lowest rating, reserved for systems
that have been evaluated but do not meet the requirements for higher divisions (C, B, A).
12. Which division of the Orange Book deals with discretionary protection (need-to-know)?
A. D
B. C
C. B
D. A
Rationale: Division C of the Orange Book provides discretionary protection, requiring
identification and authentication, audit trails, and discretionary access controls.
13. Which of the following is NOT a remote access concern?
A. Justification for remote access
B. Auditing of activities
C. Regular review of access privileges
D. Access badges
Rationale: Access badges are a physical security control used for on-site access, not a remote
access concern. Remote access focuses on authentication, authorization, auditing, and secure
communication.