WGU Course C845 Information Systems Security (SSCP) 2026 EXAM QUESTIONS WITH COMPLETE SOLUTIONS

Which of the following is a symmetric algorithm?
A Diffie-Hellman
B RSA
C AES
D HMAC ---CORRECT- ANSWER ☑️☑️☑️ C

How can a user be given the power to set privileges on an object for other users when within a DAC operating system?
A Remove special permissions for the user on the object.
B Grant the user full control over the object.
C Give the user the modify privilege on the object.
D Issue an administrative job label to the user. ---CORRECT- ANSWER ☑️☑️☑️ B

Your company adopts a new end-user security awareness program. This training includes malware introduction, social media issues, password guidelines, data exposure, and lost devices. How often should end users receive this training?
A once a year and upon termination
B upon new hire and once a year thereafter
C upon termination
D twice a year
E upon new hire
F once a year ---CORRECT- ANSWER ☑️☑️☑️ B

What type of event is more likely to trigger the business continuity plan (BCP) rather than the disaster recovery plan (DRP)?
A A port-scanning event against your public servers in the DMZ
B A security breach of an administrator account
C Several users failing to remember their logon credentials
D A level 5 hurricane ---CORRECT- ANSWER ☑️☑️☑️ B

What is the IEEE standard known as port-based network access control which is used to leverage authentication already present in a network to validate clients connecting over hardware devices, such as wireless access points or VPN concentrators?
A IEEE 802.1x
B IEEE 802.15
C IEEE 802.3
D IEEE 802.11 ---CORRECT- ANSWER ☑️☑️☑️ A

Why is change control and management used as a component of software asset management?
A To stop changes from being implemented into an environment
B To oversee the asset procurement process
C To prevent or reduce unintended reduction in security
D To restrict the privileges assigned to compartmentalized administrators ---CORRECT- ANSWER ☑️☑️☑️ C

What is the cost benefit equation?
A [ALE1 - ALE2] - CCM
B AES - CCMP
C total initial risk - countermeasure benefit
D AV x EF x ARO ---CORRECT- ANSWER ☑️☑️☑️ A

What is the best means to restore the most current form of data when a backup strategy is based on starting each week off with a full backup followed by a daily differential?
A Restore the initial week's full backup and then the last differential backup before the failure.
B Restore only the last differential backup.
C Restore the initial week's full backup and then each differential backup up to the failure.
D Restore the last differential backup and then the week's full backup. ---CORRECT- ANSWER ☑️☑️☑️ A

Which of the following is not considered an example of a non-discretionary access control system?
A MAC
B ACL
C ABAC
D RBAC ---CORRECT- ANSWER ☑️☑️☑️ B

How should countermeasures be implemented as part of the recovery phase of incident response?