WGU C845 Information Systems Security
SSCP Comprehensive Resource To Help You
Ace 2026-2027 Includes Frequently Tested
Questions With ELABORATED 100% Correct
COMPLETE SOLUTIONS
Guaranteed Pass First Attempt!!
Current Update!!
1. What technology is commonly used for Big Data datasets?
- ANSWER NoSQL
2. How can operational controls be used to improve security compliance?
A Require M-of-N controls and place administrators into compartmented areas.
B Set procedures for work tasks and provide training.
C Implement encryption and multifactor authentication.
D Track activities with auditing and review the audit logs.
- ANSWER B. Operational controls can be used to improve security compliance
by setting procedures for work tasks and providing training. Operational controls
are security mechanisms that are implemented and operated by personnel rather
than by hardware or software. Operational controls include physical protection,
training, hiring practices, supervisory review, incident response, media protection,
configuration and change management, and termination practices. Most
operational controls have the goal or focus of establishing or improving security
compliance.
Answer D is incorrect. Tracking activities with auditing and reviewing the audit
logs is a technical control, not an operational control. Reviewing audit logs can be
,performed by an intrusion detection system (IDS) or security analysis data mining
tool, and thus, would be a technical control. If the audit logs were reviewed by a
person, then it would be an operational control. Because this is not a fully
operational set of controls, this answer is incorrect for this question.
Answer A is incorrect. Requiring M-of-N controls is a technical control, while
placing administrators into compartmented areas is an operational control.
Because these are not a fully operational set of controls, this answer is incorrect
for this question.
Answer C is incorrect. Implementing encryption and multifactor authentication is
incorrect. Encryption and multifactor authentication are logical or technical
controls.
3. When should security be implemented or included in the asset life cycle?
A During the maintaining phase
B As early as possible
C Once the asset is being used in daily operations
D Before implementation
- ANSWER B. Security should be implemented or included in the asset life
cycle as early as possible. Security should be an essential element of all aspects of
an organization, especially in relation to assets. Whenever possible, security
should be included in the initial design and architecture of an asset. If that is not
possible because the asset is obtained from outside sources, then including or
implementing security as early as possible after procurement is essential. If
security is added late in the asset life cycle, it will cost more and be less effective
than when it is implemented earlier.
Answer A is incorrect. Security may be implemented during the maintaining
phase, but this is not the best answer. The maintenance phase is often the longest
phase, as that is the phase of ongoing use and management once an asset is
deployed. Security should have been implemented much earlier in the asset life
,cycle in order to increase its effectiveness and reliability.
Answer D is incorrect. Security may be included before implementation, but this is
not the best answer. For those assets which are crafted or constructed on
premises, security should be implemented in the design phase. For externally
procured assets, security integration may be forced to occur at the point of
implementation. But this is not the general concept to follow. The concept is to
implement security as early in the asset life cycle as possible.
Answer C is incorrect. Security may be implemented once the asset is being used
in daily operations, but this is not the best answer. Security should have been
implemented much earlier in the asset life cycle in order to increase its
effectiveness and reliability.
4. If subjects receive a clearance, what do objects receive?
A Access point
B Classification
C Data Tag
D Mandatory Access Control label
- ANSWER B. Objects within the U.S. military or government agencies may be
issued a classification, classified top secret.
5. Which of the following statements defines auditing?
A Verifies that the product is in compliance with established performance
requirements
B Requests and changes proposals and their subsequent approval or disapproval
C Displays the system status at any point in time
D Processes logs and reports any change to configuration
- ANSWER A
, 6. What is a security procedure?
A Specific criteria that must be met by implementation
B Suggested practices
C Detailed steps for performing specific tasks
D Minimum hardware and software requirements
- ANSWER C. A security procedure is a document containing detailed steps for
performing specific tasks. Procedures are the "how to" components of a security
policy. All of the aspects of the policy itself, standards, baselines, and guidelines,
are distilled into an organized process to perform specific tasks, such as installing
new software, setting up firewalls, establishing secure communications, using
encryption on mobile devices, and destroying sensitive documentation.
Answer B is incorrect. Guidelines are the security policy document that contains
suggested practices. Guidelines are to be used when a specific procedure does not
exist. Generally, the guideline is used to craft a procedure document for the new
task.Answer
D is incorrect. Minimum hardware and software requirements are a baseline. A
baseline is the security policy document that contains minimum hardware and
software requirements or performance requirements.
Answer A is incorrect. A standard is the security policy document that contains
specific criteria that must be met by implementation.
7. An Acceptable Use Policy (AUP) is what type of control?
A Detective
B Corrective
C Administrative
D Compensating
- ANSWER C. Acceptable behavior of individuals within any organization is put
forth in the acceptable use policy. This includes the use of facilities and equipment
SSCP Comprehensive Resource To Help You
Ace 2026-2027 Includes Frequently Tested
Questions With ELABORATED 100% Correct
COMPLETE SOLUTIONS
Guaranteed Pass First Attempt!!
Current Update!!
1. What technology is commonly used for Big Data datasets?
- ANSWER NoSQL
2. How can operational controls be used to improve security compliance?
A Require M-of-N controls and place administrators into compartmented areas.
B Set procedures for work tasks and provide training.
C Implement encryption and multifactor authentication.
D Track activities with auditing and review the audit logs.
- ANSWER B. Operational controls can be used to improve security compliance
by setting procedures for work tasks and providing training. Operational controls
are security mechanisms that are implemented and operated by personnel rather
than by hardware or software. Operational controls include physical protection,
training, hiring practices, supervisory review, incident response, media protection,
configuration and change management, and termination practices. Most
operational controls have the goal or focus of establishing or improving security
compliance.
Answer D is incorrect. Tracking activities with auditing and reviewing the audit
logs is a technical control, not an operational control. Reviewing audit logs can be
,performed by an intrusion detection system (IDS) or security analysis data mining
tool, and thus, would be a technical control. If the audit logs were reviewed by a
person, then it would be an operational control. Because this is not a fully
operational set of controls, this answer is incorrect for this question.
Answer A is incorrect. Requiring M-of-N controls is a technical control, while
placing administrators into compartmented areas is an operational control.
Because these are not a fully operational set of controls, this answer is incorrect
for this question.
Answer C is incorrect. Implementing encryption and multifactor authentication is
incorrect. Encryption and multifactor authentication are logical or technical
controls.
3. When should security be implemented or included in the asset life cycle?
A During the maintaining phase
B As early as possible
C Once the asset is being used in daily operations
D Before implementation
- ANSWER B. Security should be implemented or included in the asset life
cycle as early as possible. Security should be an essential element of all aspects of
an organization, especially in relation to assets. Whenever possible, security
should be included in the initial design and architecture of an asset. If that is not
possible because the asset is obtained from outside sources, then including or
implementing security as early as possible after procurement is essential. If
security is added late in the asset life cycle, it will cost more and be less effective
than when it is implemented earlier.
Answer A is incorrect. Security may be implemented during the maintaining
phase, but this is not the best answer. The maintenance phase is often the longest
phase, as that is the phase of ongoing use and management once an asset is
deployed. Security should have been implemented much earlier in the asset life
,cycle in order to increase its effectiveness and reliability.
Answer D is incorrect. Security may be included before implementation, but this is
not the best answer. For those assets which are crafted or constructed on
premises, security should be implemented in the design phase. For externally
procured assets, security integration may be forced to occur at the point of
implementation. But this is not the general concept to follow. The concept is to
implement security as early in the asset life cycle as possible.
Answer C is incorrect. Security may be implemented once the asset is being used
in daily operations, but this is not the best answer. Security should have been
implemented much earlier in the asset life cycle in order to increase its
effectiveness and reliability.
4. If subjects receive a clearance, what do objects receive?
A Access point
B Classification
C Data Tag
D Mandatory Access Control label
- ANSWER B. Objects within the U.S. military or government agencies may be
issued a classification, classified top secret.
5. Which of the following statements defines auditing?
A Verifies that the product is in compliance with established performance
requirements
B Requests and changes proposals and their subsequent approval or disapproval
C Displays the system status at any point in time
D Processes logs and reports any change to configuration
- ANSWER A
, 6. What is a security procedure?
A Specific criteria that must be met by implementation
B Suggested practices
C Detailed steps for performing specific tasks
D Minimum hardware and software requirements
- ANSWER C. A security procedure is a document containing detailed steps for
performing specific tasks. Procedures are the "how to" components of a security
policy. All of the aspects of the policy itself, standards, baselines, and guidelines,
are distilled into an organized process to perform specific tasks, such as installing
new software, setting up firewalls, establishing secure communications, using
encryption on mobile devices, and destroying sensitive documentation.
Answer B is incorrect. Guidelines are the security policy document that contains
suggested practices. Guidelines are to be used when a specific procedure does not
exist. Generally, the guideline is used to craft a procedure document for the new
task.Answer
D is incorrect. Minimum hardware and software requirements are a baseline. A
baseline is the security policy document that contains minimum hardware and
software requirements or performance requirements.
Answer A is incorrect. A standard is the security policy document that contains
specific criteria that must be met by implementation.
7. An Acceptable Use Policy (AUP) is what type of control?
A Detective
B Corrective
C Administrative
D Compensating
- ANSWER C. Acceptable behavior of individuals within any organization is put
forth in the acceptable use policy. This includes the use of facilities and equipment
