WGU COURSE C845 - INFORMATION
SYSTEMS SECURITY (SSCP) QUIZLET
BY BRIAN MACFARLANE
Which9of9the9following9is9a9symmetric9algorithm?
A9Diffie-Hellman
B9RSA
C9AES
D9HMAC9-9ans✔C
How9can9a9user9be9given9the9power9to9set9privileges9on9an9object9for9other9users9wh
en9within9a9DAC9operating9system?
A9Remove9special9permissions9for9the9user9on9the9object.
B9Grant9the9user9full9control9over9the9object.
C9Give9the9user9the9modify9privilege9on9the9object.
D9Issue9an9administrative9job9label9to9the9user.9-9ans✔B
Your9company9adopts9a9new9end-
user9security9awareness9program.9This9training9includes9malware9introduction,9social9
media9issues,9password9guidelines,9data9exposure,9and9lost9devices.9How9often9shoul
d9end9users9receive9this9training?
A9once9a9year9and9upon9termination
B9upon9new9hire9and9once9a9year9thereafter
C9upon9termination
D9twice9a9year
E9upon9new9hire
F9once9a9year9-9ans✔B
What9type9of9event9is9more9likely9to9trigger9the9business9continuity9plan9(BCP)9rather9
than9the9disaster9recovery9plan9(DRP)?
A9A9port-scanning9event9against9your9public9servers9in9the9DMZ
B9A9security9breach9of9an9administrator9account
C9Several9users9failing9to9remember9their9logon9credentials
,D9A9level959hurricane9-9ans✔B
What9is9the9IEEE9standard9known9as9port-
based9network9access9control9which9is9used9to9leverage9authentication9already9prese
nt9in9a9network9to9validate9clients9connecting9over9hardware9devices,9such9as9wireles
s9access9points9or9VPN9concentrators?
A9IEEE9802.1x
B9IEEE9802.15
C9IEEE9802.3
D9IEEE9802.119-9ans✔A
Why9is9change9control9and9management9used9as9a9component9of9software9asset9ma
nagement?
A9To9stop9changes9from9being9implemented9into9an9environment
B9To9oversee9the9asset9procurement9process
C9To9prevent9or9reduce9unintended9reduction9in9security
D9To9restrict9the9privileges9assigned9to9compartmentalized9administrators9-9ans✔C
What9is9the9cost9benefit9equation?
A9[ALE19-9ALE2]9-9CCM
B9AES9-9CCMP
C9total9initial9risk9-9countermeasure9benefit
D9AV9x9EF9x9ARO9-9ans✔A
What9is9the9best9means9to9restore9the9most9current9form9of9data9when9a9backup9strat
egy9is9based9on9starting9each9week9off9with9a9full9backup9followed9by9a9daily9different
ial?
A9Restore9the9initial9week's9full9backup9and9then9the9last9differential9backup9before9th
e9failure.
B9Restore9only9the9last9differential9backup.
C9Restore9the9initial9week's9full9backup9and9then9each9differential9backup9up9to9the9fa
ilure.
D9Restore9the9last9differential9backup9and9then9the9week's9full9backup.9-9ans✔A
Which9of9the9following9is9not9considered9an9example9of9a9non-
discretionary9access9control9system?
A9MAC
B9ACL
,C9ABAC
D9RBAC9-9ans✔B
How9should9countermeasures9be9implemented9as9part9of9the9recovery9phase9of9incide
nt9response?
A9During9next9year's9security9review
B9Based9on9the9lowest9cost9among9available9options
C9As9defined9by9the9current9security9policy
D9As9determined9by9the9violation9that9occurred9-9ans✔D
Remote9control9malware9was9found9on9a9client9device,9and9an9unknown9attacker9was
9manipulating9the9network9from9afar.9The9attack9resulted9in9the9network9switches9reve
rting9to9flooding9mode,9thereby9enabling9the9attacker9to9eavesdrop9on9a9significant9po
rtion9of9network9communications.9After9reviewing9IDS9and9traffic9logs,9you9determine9t
hat9this9was9accomplished9by9an9attack9utility9which9generated9a9constant9Ethernet9fr
ames9with9random9source9MAC9addresses.9What9can9be9done9to9prevent9this9attack9f
rom9occurring9in9the9future?
A9Restrict9access9to9DHCP.
B9Use9a9static9HOSTS9file.
C9Use9MAC9limiting9on9the9switch9ports.
D9Implement9an9ARP9monitor.9-9ans✔C
How9is9quantitative9risk9analysis9performed?
A9Through9the9Delphi9technique
B9With9scenario-based9assessments
C9Using9calculations
D9Via9employee9interviews9-9ans✔C
What9special9component9on9a9motherboard9can9be9used9to9securely9store9the9encrypt
ion9key9for9whole9drive9encryption?
A9CMOS
B9RAM
C9TPM
D9CPU9-9ans✔C
When9is9it9appropriate9to9contact9law9enforcement9when9an9organization9experiences9
a9security9breach?
A9If9a9violation9is9more9severe9than9just9breaking9company9policy9rules
B9If9a9breach9of9security9occurs
C9If9a9tolerable9or9accepted9risk9is9realized
D9If9an9insider9uses9another9employee's9credentials9-9ans✔A
, What9is9the9name9of9a9cryptographic9attack9based9on9a9database9of9pre-
computed9hash9values9and9the9original9plaintext9values?
A9Brute9force9attack
B9Rainbow9table9attack
C9Frequency9analysis
D9Chosen9plaintext9attack9-9ans✔B
What9is9the9purpose9of9a9Security9Information9and9Event9Management9(SIEM)9produc
t?
A9To9provide9real-time9logging9and9analysis9of9security9events
B9To9define9the9requirements9of9security9procedures
C9To9provide9event9planning9guidance9for9holding9industry9conferences
D9To9improve9employee9security9training9-9ans✔A
How9does9salting9passwords9reduce9the9likelihood9that9a9password9cracking9attack9wil
l9be9successful?
A9It9prevents9automated9attacks.
B9It9forces9the9attacker9to9focus9on9one9account9at9a9time.
C9It9triggers9an9account9lockout9after9a9fixed9number9of9false9attempts.
D9It9increases9the9work9load9required9to9become9successful.9-9ans✔D
Which9of9the9following9clearance9levels9or9classification9labels9is9not9generally9used9in
9a9government-9or9military-based9MAC9scheme?
A9Unclassified
B9Confidential
C9Top9Secret
D9Proprietary9-9ans✔D
You9are9starting9a9new9website.9You9want9to9quickly9allow9users9to9begin9using9your9
site9without9having9the9hassle9of9creating9a9new9user9account.9You9set9up9a9one-
way9trust9federated9access9link9from9your9website9to9the9three9major9social9networks.9
Why9should9you9use9a9one-way9trust9in9this9configuration9rather9than9a9two-
way9trust9in9this9scenario?
A9A9one-
way9trust9allows9your9website9to9trust9the9user9accounts9of9the9social9networks9withou
t9requiring9the9social9networks9to9trust9your9website.
B9Two-
way9trusts9are9only9valid9in9private9networks9and9cannot9be9used9across9the9Internet.
SYSTEMS SECURITY (SSCP) QUIZLET
BY BRIAN MACFARLANE
Which9of9the9following9is9a9symmetric9algorithm?
A9Diffie-Hellman
B9RSA
C9AES
D9HMAC9-9ans✔C
How9can9a9user9be9given9the9power9to9set9privileges9on9an9object9for9other9users9wh
en9within9a9DAC9operating9system?
A9Remove9special9permissions9for9the9user9on9the9object.
B9Grant9the9user9full9control9over9the9object.
C9Give9the9user9the9modify9privilege9on9the9object.
D9Issue9an9administrative9job9label9to9the9user.9-9ans✔B
Your9company9adopts9a9new9end-
user9security9awareness9program.9This9training9includes9malware9introduction,9social9
media9issues,9password9guidelines,9data9exposure,9and9lost9devices.9How9often9shoul
d9end9users9receive9this9training?
A9once9a9year9and9upon9termination
B9upon9new9hire9and9once9a9year9thereafter
C9upon9termination
D9twice9a9year
E9upon9new9hire
F9once9a9year9-9ans✔B
What9type9of9event9is9more9likely9to9trigger9the9business9continuity9plan9(BCP)9rather9
than9the9disaster9recovery9plan9(DRP)?
A9A9port-scanning9event9against9your9public9servers9in9the9DMZ
B9A9security9breach9of9an9administrator9account
C9Several9users9failing9to9remember9their9logon9credentials
,D9A9level959hurricane9-9ans✔B
What9is9the9IEEE9standard9known9as9port-
based9network9access9control9which9is9used9to9leverage9authentication9already9prese
nt9in9a9network9to9validate9clients9connecting9over9hardware9devices,9such9as9wireles
s9access9points9or9VPN9concentrators?
A9IEEE9802.1x
B9IEEE9802.15
C9IEEE9802.3
D9IEEE9802.119-9ans✔A
Why9is9change9control9and9management9used9as9a9component9of9software9asset9ma
nagement?
A9To9stop9changes9from9being9implemented9into9an9environment
B9To9oversee9the9asset9procurement9process
C9To9prevent9or9reduce9unintended9reduction9in9security
D9To9restrict9the9privileges9assigned9to9compartmentalized9administrators9-9ans✔C
What9is9the9cost9benefit9equation?
A9[ALE19-9ALE2]9-9CCM
B9AES9-9CCMP
C9total9initial9risk9-9countermeasure9benefit
D9AV9x9EF9x9ARO9-9ans✔A
What9is9the9best9means9to9restore9the9most9current9form9of9data9when9a9backup9strat
egy9is9based9on9starting9each9week9off9with9a9full9backup9followed9by9a9daily9different
ial?
A9Restore9the9initial9week's9full9backup9and9then9the9last9differential9backup9before9th
e9failure.
B9Restore9only9the9last9differential9backup.
C9Restore9the9initial9week's9full9backup9and9then9each9differential9backup9up9to9the9fa
ilure.
D9Restore9the9last9differential9backup9and9then9the9week's9full9backup.9-9ans✔A
Which9of9the9following9is9not9considered9an9example9of9a9non-
discretionary9access9control9system?
A9MAC
B9ACL
,C9ABAC
D9RBAC9-9ans✔B
How9should9countermeasures9be9implemented9as9part9of9the9recovery9phase9of9incide
nt9response?
A9During9next9year's9security9review
B9Based9on9the9lowest9cost9among9available9options
C9As9defined9by9the9current9security9policy
D9As9determined9by9the9violation9that9occurred9-9ans✔D
Remote9control9malware9was9found9on9a9client9device,9and9an9unknown9attacker9was
9manipulating9the9network9from9afar.9The9attack9resulted9in9the9network9switches9reve
rting9to9flooding9mode,9thereby9enabling9the9attacker9to9eavesdrop9on9a9significant9po
rtion9of9network9communications.9After9reviewing9IDS9and9traffic9logs,9you9determine9t
hat9this9was9accomplished9by9an9attack9utility9which9generated9a9constant9Ethernet9fr
ames9with9random9source9MAC9addresses.9What9can9be9done9to9prevent9this9attack9f
rom9occurring9in9the9future?
A9Restrict9access9to9DHCP.
B9Use9a9static9HOSTS9file.
C9Use9MAC9limiting9on9the9switch9ports.
D9Implement9an9ARP9monitor.9-9ans✔C
How9is9quantitative9risk9analysis9performed?
A9Through9the9Delphi9technique
B9With9scenario-based9assessments
C9Using9calculations
D9Via9employee9interviews9-9ans✔C
What9special9component9on9a9motherboard9can9be9used9to9securely9store9the9encrypt
ion9key9for9whole9drive9encryption?
A9CMOS
B9RAM
C9TPM
D9CPU9-9ans✔C
When9is9it9appropriate9to9contact9law9enforcement9when9an9organization9experiences9
a9security9breach?
A9If9a9violation9is9more9severe9than9just9breaking9company9policy9rules
B9If9a9breach9of9security9occurs
C9If9a9tolerable9or9accepted9risk9is9realized
D9If9an9insider9uses9another9employee's9credentials9-9ans✔A
, What9is9the9name9of9a9cryptographic9attack9based9on9a9database9of9pre-
computed9hash9values9and9the9original9plaintext9values?
A9Brute9force9attack
B9Rainbow9table9attack
C9Frequency9analysis
D9Chosen9plaintext9attack9-9ans✔B
What9is9the9purpose9of9a9Security9Information9and9Event9Management9(SIEM)9produc
t?
A9To9provide9real-time9logging9and9analysis9of9security9events
B9To9define9the9requirements9of9security9procedures
C9To9provide9event9planning9guidance9for9holding9industry9conferences
D9To9improve9employee9security9training9-9ans✔A
How9does9salting9passwords9reduce9the9likelihood9that9a9password9cracking9attack9wil
l9be9successful?
A9It9prevents9automated9attacks.
B9It9forces9the9attacker9to9focus9on9one9account9at9a9time.
C9It9triggers9an9account9lockout9after9a9fixed9number9of9false9attempts.
D9It9increases9the9work9load9required9to9become9successful.9-9ans✔D
Which9of9the9following9clearance9levels9or9classification9labels9is9not9generally9used9in
9a9government-9or9military-based9MAC9scheme?
A9Unclassified
B9Confidential
C9Top9Secret
D9Proprietary9-9ans✔D
You9are9starting9a9new9website.9You9want9to9quickly9allow9users9to9begin9using9your9
site9without9having9the9hassle9of9creating9a9new9user9account.9You9set9up9a9one-
way9trust9federated9access9link9from9your9website9to9the9three9major9social9networks.9
Why9should9you9use9a9one-way9trust9in9this9configuration9rather9than9a9two-
way9trust9in9this9scenario?
A9A9one-
way9trust9allows9your9website9to9trust9the9user9accounts9of9the9social9networks9withou
t9requiring9the9social9networks9to9trust9your9website.
B9Two-
way9trusts9are9only9valid9in9private9networks9and9cannot9be9used9across9the9Internet.
