Comprehensive Resource To Help You Ace 2026-2027
1. What are the 6 steps in the NIST Risk Management Framework found in the
NIST SP ___-__? - ANSWER Categorize Information Systems
Select Security Controls
Implement Security Controls
Assess Security Controls
Authorize Information Systems
Monitor Security Controls
(Note: the current revision of the RMF adds a Prepare step ahead of Categorize, so newer material lists seven steps.)
2. These are centralized documents used to track information about the risks
facing an organization and their current status. They contain a description of
each risk, a categorization scheme, a risk assessment (probability and
impact), and risk mitigation actions. - ANSWER Risk Registers
3. This shares risk information across organizations and may be used strategically
and/or operationally. - ANSWER Threat Intelligence
4. Threat intelligence often includes __________ __ __________ that are telltale
signs of malicious activity. - ANSWER Indicators of Compromise (IOC)
5. This identifies and prioritizes threats through a structured approach. -
ANSWER Threat Modeling
6. There are 3 major approaches to threat identification: - ANSWER
Asset Focused
Threat Focused
Service Focused
7. This threat identification approach uses the asset inventory as the basis for the
analysis. - ANSWER Asset Focused
8. This threat identification approach identifies how specific threats may affect
each information system. - ANSWER Threat Focused
9. This threat identification approach identifies the impact of various threats on
a specific service. - ANSWER Service Focused
10. These verify that a control is functioning properly. - ANSWER Security
Tests
11. These are comprehensive reviews of the security of a system, application, or
other tested environment. - ANSWER Security Assessments
12. These use testing and assessment techniques but are performed by
independent auditors. - ANSWER Security Audits
13. There are three types of security audits: - ANSWER Internal
External
Third-Party
14. These security audits are performed by an organization's internal audit staff,
normally led by a Chief Audit Executive who reports directly to the CEO. -
ANSWER Internal Audits
15. These security audits are performed by an outside auditing firm. - ANSWER
External Audits
16. These security audits are conducted by, or on behalf of, another organization,
such as a regulator. - ANSWER Third-Party Audits
17. Organizations that provide services to other
organizations may conduct audits under ____ __. - ANSWER SSAE 16
(Note: SSAE 16 was superseded by SSAE 18 in 2017; the reports these engagements produce are the SOC reports.)
18. Two different types of reports when conducting audits: - ANSWER Type I
Type II
19. This type of report provides a description of the controls in place, as
described by the audited organization, and the auditor's opinion whether the
controls described are sufficient. The auditor does not test the controls. -
ANSWER Type I Report
20. This type of report documents engagements where the auditor actually tests
the controls and provides an opinion on their effectiveness. - ANSWER
Type II Report
21. Three commonly used standards for cybersecurity audits: - ANSWER COBIT
ISO 27001
ISO 27002
22. Developers and security professionals use a variety of ________ _______
techniques to verify that they are building secure and effective software. -
ANSWER Software Testing
23. Software testing technique that ensures that software meets business
requirements. It answers the question "Are we building the right software?" -
ANSWER Validation
24. Software testing technique that ensures that the software functions correctly. It
answers the question "Are we building the software right?" - ANSWER
Verification