1|Page
WGU C845 SSCP Information Systems
Security Exam Prep 2026 | Complete
Study Guide with Practice Questions &
Correct Answers | Updated & Verified |
WGU Aligned | Guaranteed Pass
During what phase of the change management process does the
organization conduct peer review of the change for accuracy and
completeness? ---CORRECT- ANSWER ☑️☑️☑️ Analysis/Impact
Assessment
Steve is responsible for work stations that handle proprietary
information. What is the best option for these workstations at the end of
their lifecycle? ---CORRECT- ANSWER ☑️☑️☑️ Sanitization
What is the earliest stage of a fire to use detection technology to identify
it? ---CORRECT- ANSWER ☑️☑️☑️ Incipient
What security control would provide the best defense against a threat
actor trying to execute a buffer overflow attack against a custom
application? ---CORRECT- ANSWER ☑️☑️☑️ Parameter
Checking/Input Validation
Which of the following is NOT true of the ISC2 Code of Ethics?
,2|Page
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in revocation
of certification
D. Members who observe a breach of the Code of Ethics are required to
report the possible violation ---CORRECT- ANSWER ☑️☑️☑️ B.
Under what type of software license does the recipient of software have
an unlimited right to copy, modify, distribute, or resell a software
package? ---CORRECT- ANSWER ☑️☑️☑️ Public Domain
What should Steve do if a FAR/FRR diagram does not provide an
acceptable performance level for his organization's needs? ---
CORRECT- ANSWER ☑️☑️☑️ Assess other biometric systems to
compare them since the CER is used to assess biometric devices.
What is the CER in biometric device measurment? ---CORRECT-
ANSWER ☑️☑️☑️ Crossover Error Rate is the number that results when
a biometric device is adjusted to provide equal false acceptance and false
rejection rates.
What type of access control would be the best choice for a person that
would like to support a declaration like "Only allow access to customer
service on managed devices on the wireless network between 8 am and 7
pm"? ---CORRECT- ANSWER ☑️☑️☑️ Attribute Based Access Control
ABAC
,3|Page
What is the benefit of an ABAC over a RBAC? ---CORRECT-
ANSWER ☑️☑️☑️ An ABAC can be more specific thus more flexible
What is the primary advantage of decentralized access control? ---
CORRECT- ANSWER ☑️☑️☑️ It provides control of access to people
closer to the resources
How are rules set in ABAC systems? ---CORRECT- ANSWER ☑️☑️☑️
Uses boolean logic statements which allow it to be more flexible than
RBAC for temporary rules such as to allow time limited access.
Which of the following is best described as an access control model that
focuses on subjects and identifies the objects that each subject can
access?
A. Access control list
B. Capability Table
C. Implicit denial list
D. Rights Management Matrix ---CORRECT- ANSWER ☑️☑️☑️ B
Adam is accessing a standalone file server using a username and
password provided by the server administrator. Which one of the
following entities is guaranteed to have information necessary to
complete the authorization process?
A. File Server
B. Adam
C. Server Administrator
, 4|Page
D. Adam's Supervisor ---CORRECT- ANSWER ☑️☑️☑️ A. The file
server has the correct information on what activities Adam is
AUTHORIZED to perform
A new member at a 24 hour gym that uses fingerprints to gain access
after hours is surprised to find out that he is registering as a different
member. What type of biometric factor error occurred? ---CORRECT-
ANSWER ☑️☑️☑️ Since he was accepted as a different member this was
a Type 2 (false positive) error. If he was not accepted and the door
remained locked it would have been a Type 1 (false negative) error.
You are tasked with adjusting your organizations password requirements
to make them align with best practices from NIST. What should you set
password expiration to? ---CORRECT- ANSWER ☑️☑️☑️ NIST
Special Publication 800-63b suggests that organizations should not
impose password expiration requirements on end users
What access control scheme labels subjects and objects and allows
subjects to access objects when labels match? ---CORRECT-
ANSWER ☑️☑️☑️ Mandatory Access Control (MAC)
Mandatory Access Control is based on what type of model? ---
CORRECT- ANSWER ☑️☑️☑️ Lattice Based
You need to create a trust relationship between your company and a
vendor. You need to implement the system so that it will allow users
from the vendor's organization to access your accounts payable system
WGU C845 SSCP Information Systems
Security Exam Prep 2026 | Complete
Study Guide with Practice Questions &
Correct Answers | Updated & Verified |
WGU Aligned | Guaranteed Pass
During what phase of the change management process does the
organization conduct peer review of the change for accuracy and
completeness? ---CORRECT- ANSWER ☑️☑️☑️ Analysis/Impact
Assessment
Steve is responsible for work stations that handle proprietary
information. What is the best option for these workstations at the end of
their lifecycle? ---CORRECT- ANSWER ☑️☑️☑️ Sanitization
What is the earliest stage of a fire to use detection technology to identify
it? ---CORRECT- ANSWER ☑️☑️☑️ Incipient
What security control would provide the best defense against a threat
actor trying to execute a buffer overflow attack against a custom
application? ---CORRECT- ANSWER ☑️☑️☑️ Parameter
Checking/Input Validation
Which of the following is NOT true of the ISC2 Code of Ethics?
,2|Page
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in revocation
of certification
D. Members who observe a breach of the Code of Ethics are required to
report the possible violation ---CORRECT- ANSWER ☑️☑️☑️ B.
Under what type of software license does the recipient of software have
an unlimited right to copy, modify, distribute, or resell a software
package? ---CORRECT- ANSWER ☑️☑️☑️ Public Domain
What should Steve do if a FAR/FRR diagram does not provide an
acceptable performance level for his organization's needs? ---
CORRECT- ANSWER ☑️☑️☑️ Assess other biometric systems to
compare them since the CER is used to assess biometric devices.
What is the CER in biometric device measurment? ---CORRECT-
ANSWER ☑️☑️☑️ Crossover Error Rate is the number that results when
a biometric device is adjusted to provide equal false acceptance and false
rejection rates.
What type of access control would be the best choice for a person that
would like to support a declaration like "Only allow access to customer
service on managed devices on the wireless network between 8 am and 7
pm"? ---CORRECT- ANSWER ☑️☑️☑️ Attribute Based Access Control
ABAC
,3|Page
What is the benefit of an ABAC over a RBAC? ---CORRECT-
ANSWER ☑️☑️☑️ An ABAC can be more specific thus more flexible
What is the primary advantage of decentralized access control? ---
CORRECT- ANSWER ☑️☑️☑️ It provides control of access to people
closer to the resources
How are rules set in ABAC systems? ---CORRECT- ANSWER ☑️☑️☑️
Uses boolean logic statements which allow it to be more flexible than
RBAC for temporary rules such as to allow time limited access.
Which of the following is best described as an access control model that
focuses on subjects and identifies the objects that each subject can
access?
A. Access control list
B. Capability Table
C. Implicit denial list
D. Rights Management Matrix ---CORRECT- ANSWER ☑️☑️☑️ B
Adam is accessing a standalone file server using a username and
password provided by the server administrator. Which one of the
following entities is guaranteed to have information necessary to
complete the authorization process?
A. File Server
B. Adam
C. Server Administrator
, 4|Page
D. Adam's Supervisor ---CORRECT- ANSWER ☑️☑️☑️ A. The file
server has the correct information on what activities Adam is
AUTHORIZED to perform
A new member at a 24 hour gym that uses fingerprints to gain access
after hours is surprised to find out that he is registering as a different
member. What type of biometric factor error occurred? ---CORRECT-
ANSWER ☑️☑️☑️ Since he was accepted as a different member this was
a Type 2 (false positive) error. If he was not accepted and the door
remained locked it would have been a Type 1 (false negative) error.
You are tasked with adjusting your organizations password requirements
to make them align with best practices from NIST. What should you set
password expiration to? ---CORRECT- ANSWER ☑️☑️☑️ NIST
Special Publication 800-63b suggests that organizations should not
impose password expiration requirements on end users
What access control scheme labels subjects and objects and allows
subjects to access objects when labels match? ---CORRECT-
ANSWER ☑️☑️☑️ Mandatory Access Control (MAC)
Mandatory Access Control is based on what type of model? ---
CORRECT- ANSWER ☑️☑️☑️ Lattice Based
You need to create a trust relationship between your company and a
vendor. You need to implement the system so that it will allow users
from the vendor's organization to access your accounts payable system
