WGU C845 SSCP COMPUTER SECURITY AND
RELIABILITY STUDY GUIDE WITH COMPLETE
SOLUTION!!
1. During what phase of the change management process does the
organiza- tion conduct peer review of the change for accuracy and
completeness?: Analy- sis/Impact Assessment
2. Steve is responsible for work stations that handle proprietary
information. What is the best option for these workstations at the
end of their lifecycle?: San- itization
3. What is the earliest stage of a fire to use detection technology
to identify it?: Incipient
4. What security control would provide the best defense against a
threat actor trying to execute a buffer overflow attack against a custom
application?: Parameter Checking/Input Validation
5. Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in
revocation of certification
D. Members who observe a breach of the Code of Ethics are required
to report the possible violation: B.
6. Under what type of software license does the recipient of
software have an unlimited right to copy, modify, distribute, or
resell a software package?: Public Domain
7. What should Steve do if a FAR/FRR diagram does not provide an
acceptable performance level for his organization's needs?: Assess other
biometric systems to compare them since the CER is used to assess biometric devices.
8. What is the CER in biometric device measurment?: Crossover Error Rate is
the number that results when a biometric device is adjusted to provide equal false acceptance and
false rejection rates.
9. What type of access control would be the best choice for a person
that would like to support a declaration like "Only allow access to
, customer service on managed devices on the wireless network
between 8 am and 7 pm"?: Attribute Based Access Control ABAC
0. What is the benefit of an ABAC over a RBAC?: An ABAC can be more specific thus
more flexible
11. What is the primary advantage of decentralized access control?:
It provides control of access to people closer to the resources
12. How are rules set in ABAC systems?: Uses boolean logic statements which
allow it to be more flexible than RBAC for temporary rules such as to allow time limited access.
13. Which of the following is best described as an access
control model that focuses on subjects and identifies the objects
that each subject can access?
A. Access control list
B. Capability Table
C. Implicit denial list
D. Rights Management Matrix: B
14. Adam is accessing a standalone file server using a
username and pass- word provided by the server administrator.
Which one of the following entities is guaranteed to have
information necessary to complete the authorization process?
A. File Server
B. Adam
C. Server Administrator
D. Adam's Supervisor: A. The file server has the correct information on what activities Adam is
AUTHORIZED to perform
15. A new member at a 24 hour gym that uses fingerprints to
gain access after hours is surprised to find out that he is registering
as a different member. What type of biometric factor error occurred?: Since he
was accepted as a ditterent member this was a Type 2 (false positive) error. If he was not
accepted and the door remained locked it would have been a Type 1 (false negative) error.
16. You are tasked with adjusting your organizations password
requirements to make them align with best practices from NIST. What
should you set password expiration to?: NIST Special Publication 800-63b suggests
that organizations should not impose password expiration requirements on end users
,17. What access control scheme labels subjects and objects and
allows subjects to access objects when labels match?: Mandatory Access
Control (MAC)
18. Mandatory Access Control is based on what type of model?:
Lattice Based
19. You need to create a trust relationship between your company
and a vendor. You need to implement the system so that it will
allow users from the ven- dor's organization to access your accounts
payable system using the accounts created for them by the vendor.
What type of authentication do you need
to implement?: This type of authentication, where one domain trusts users from another domain,
is called federation.
20. Users change job positions quite often at your new company.
Which type of access control would make it easier to allow
administrators to adjust permis- sions when these changes
occur?
A. Role-Based Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Rule-Based Access Control: A Role-Based Access Control would assign permission to
roles and then the administrator would simply adjust the role of the user when he or she changes
jobs
21. Which of the following authenticators is appropriate to use by
itself rather than in combination with other biometric factors?
A. Voice pattern recognition
B. Hand geometry
C. Palm scans
D.Heart/pulse patterns: C. Palm scans compare the vein patterns in the palm to a database to
authenticate a user.
22. As part of hiring a new employee, Sven's identity management
team creates a new user object and ensures that the user object is
available in the directories and systems where it is needed. What is this
process called?: Provisioning includes the creation, maintenance, and removal of user
objects from applications, systems, and directories.
, 23. The Linux filesystem allows the owners of objects to
determine the access rights that subjects have to them. What type
of access control does Linux use?: Discretionary Access Control
24. Mary's organization handles very sensitive governmental
agency informa- tion. They need to implement an access control
system that allows adminis- trators to set access rights but does
not allow the delegation of those rights to other users. What is
the best type of access control design for Mary's
organization?: Mandatory Access Control (MAC) systems allow an administrator to configure
access permissions but do not allow users to delegate permission to others.
25. What term is used to describe the default set of privileges
assigned to a user when a new account is created?
A. Aggregation
B. Transitivity
C. Baseline
D. Entitlement: D. Entitlement refers to the privileges granted to useres when an account is first
provisioned.
26. Steve is the risk manager for a company on the east coast
of the United States. He recently undertook a replacement cost
analysis and determined that rebuilding and reconfiguring the
data center would cost $20 million. Steve consulted with hurricane
experts, data center specialists, and structural engineers and they
determined that a typical CAT 3 hurricane that successfully hits the
east coast would cause approximately $5 million in damages.
The meteorologists determined that Steve's facility lies in an area
where they are likely to experience a CAT 3 hurricane once every
10 years.
Based upon the information in this scenario, what is the exposure
factor for the effect of a CAT 3 hurricane on Steve's data center?: The
exposure factor is the percentage of the facility that risk managers expect will be damaged if
a risk materializes. It is calculated by dividing the amount of damage by the asset value. In this case,
that is $5 million in damage divided by the $20 million facility value, or 25 percent.
27. Steve is the risk manager for a company on the east coast of th
RELIABILITY STUDY GUIDE WITH COMPLETE
SOLUTION!!
1. During what phase of the change management process does the
organiza- tion conduct peer review of the change for accuracy and
completeness?: Analy- sis/Impact Assessment
2. Steve is responsible for work stations that handle proprietary
information. What is the best option for these workstations at the
end of their lifecycle?: San- itization
3. What is the earliest stage of a fire to use detection technology
to identify it?: Incipient
4. What security control would provide the best defense against a
threat actor trying to execute a buffer overflow attack against a custom
application?: Parameter Checking/Input Validation
5. Which of the following is NOT true of the ISC2 Code of Ethics?
A. Adherence to the Code of Ethics is a condition of Certification
B. The code of ethics applies to all security professionals
C. Failure to comply with the Code of Ethics could result in
revocation of certification
D. Members who observe a breach of the Code of Ethics are required
to report the possible violation: B.
6. Under what type of software license does the recipient of
software have an unlimited right to copy, modify, distribute, or
resell a software package?: Public Domain
7. What should Steve do if a FAR/FRR diagram does not provide an
acceptable performance level for his organization's needs?: Assess other
biometric systems to compare them since the CER is used to assess biometric devices.
8. What is the CER in biometric device measurment?: Crossover Error Rate is
the number that results when a biometric device is adjusted to provide equal false acceptance and
false rejection rates.
9. What type of access control would be the best choice for a person
that would like to support a declaration like "Only allow access to
, customer service on managed devices on the wireless network
between 8 am and 7 pm"?: Attribute Based Access Control ABAC
0. What is the benefit of an ABAC over a RBAC?: An ABAC can be more specific thus
more flexible
11. What is the primary advantage of decentralized access control?:
It provides control of access to people closer to the resources
12. How are rules set in ABAC systems?: Uses boolean logic statements which
allow it to be more flexible than RBAC for temporary rules such as to allow time limited access.
13. Which of the following is best described as an access
control model that focuses on subjects and identifies the objects
that each subject can access?
A. Access control list
B. Capability Table
C. Implicit denial list
D. Rights Management Matrix: B
14. Adam is accessing a standalone file server using a
username and pass- word provided by the server administrator.
Which one of the following entities is guaranteed to have
information necessary to complete the authorization process?
A. File Server
B. Adam
C. Server Administrator
D. Adam's Supervisor: A. The file server has the correct information on what activities Adam is
AUTHORIZED to perform
15. A new member at a 24 hour gym that uses fingerprints to
gain access after hours is surprised to find out that he is registering
as a different member. What type of biometric factor error occurred?: Since he
was accepted as a ditterent member this was a Type 2 (false positive) error. If he was not
accepted and the door remained locked it would have been a Type 1 (false negative) error.
16. You are tasked with adjusting your organizations password
requirements to make them align with best practices from NIST. What
should you set password expiration to?: NIST Special Publication 800-63b suggests
that organizations should not impose password expiration requirements on end users
,17. What access control scheme labels subjects and objects and
allows subjects to access objects when labels match?: Mandatory Access
Control (MAC)
18. Mandatory Access Control is based on what type of model?:
Lattice Based
19. You need to create a trust relationship between your company
and a vendor. You need to implement the system so that it will
allow users from the ven- dor's organization to access your accounts
payable system using the accounts created for them by the vendor.
What type of authentication do you need
to implement?: This type of authentication, where one domain trusts users from another domain,
is called federation.
20. Users change job positions quite often at your new company.
Which type of access control would make it easier to allow
administrators to adjust permis- sions when these changes
occur?
A. Role-Based Access Control
B. Mandatory Access Control
C. Discretionary Access Control
D. Rule-Based Access Control: A Role-Based Access Control would assign permission to
roles and then the administrator would simply adjust the role of the user when he or she changes
jobs
21. Which of the following authenticators is appropriate to use by
itself rather than in combination with other biometric factors?
A. Voice pattern recognition
B. Hand geometry
C. Palm scans
D.Heart/pulse patterns: C. Palm scans compare the vein patterns in the palm to a database to
authenticate a user.
22. As part of hiring a new employee, Sven's identity management
team creates a new user object and ensures that the user object is
available in the directories and systems where it is needed. What is this
process called?: Provisioning includes the creation, maintenance, and removal of user
objects from applications, systems, and directories.
, 23. The Linux filesystem allows the owners of objects to
determine the access rights that subjects have to them. What type
of access control does Linux use?: Discretionary Access Control
24. Mary's organization handles very sensitive governmental
agency informa- tion. They need to implement an access control
system that allows adminis- trators to set access rights but does
not allow the delegation of those rights to other users. What is
the best type of access control design for Mary's
organization?: Mandatory Access Control (MAC) systems allow an administrator to configure
access permissions but do not allow users to delegate permission to others.
25. What term is used to describe the default set of privileges
assigned to a user when a new account is created?
A. Aggregation
B. Transitivity
C. Baseline
D. Entitlement: D. Entitlement refers to the privileges granted to useres when an account is first
provisioned.
26. Steve is the risk manager for a company on the east coast
of the United States. He recently undertook a replacement cost
analysis and determined that rebuilding and reconfiguring the
data center would cost $20 million. Steve consulted with hurricane
experts, data center specialists, and structural engineers and they
determined that a typical CAT 3 hurricane that successfully hits the
east coast would cause approximately $5 million in damages.
The meteorologists determined that Steve's facility lies in an area
where they are likely to experience a CAT 3 hurricane once every
10 years.
Based upon the information in this scenario, what is the exposure
factor for the effect of a CAT 3 hurricane on Steve's data center?: The
exposure factor is the percentage of the facility that risk managers expect will be damaged if
a risk materializes. It is calculated by dividing the amount of damage by the asset value. In this case,
that is $5 million in damage divided by the $20 million facility value, or 25 percent.
27. Steve is the risk manager for a company on the east coast of th
