1|Page
WGU Course C845 Information Systems
Security (SSCP) Quizlet 2026 | Brian
MacFarlane Study Set | Updated
Questions & Answers | CISSP Prep |
WGU Exam Review
Which of the following is a symmetric algorithm?
A Diffie-Hellman
B RSA
C AES
D HMAC ---CORRECT- ANSWER ☑️☑️☑️ C
How can a user be given the power to set privileges on an object for
other users when within a DAC operating system?
A Remove special permissions for the user on the object.
B Grant the user full control over the object.
C Give the user the modify privilege on the object.
D Issue an administrative job label to the user. ---CORRECT-
ANSWER ☑️☑️☑️ B
,2|Page
Your company adopts a new end-user security awareness program. This
training includes malware introduction, social media issues, password
guidelines, data exposure, and lost devices. How often should end users
receive this training?
A once a year and upon termination
B upon new hire and once a year thereafter
C upon termination
D twice a year
E upon new hire
F once a year ---CORRECT- ANSWER ☑️☑️☑️ B
What type of event is more likely to trigger the business continuity plan
(BCP) rather than the disaster recovery plan (DRP)?
A A port-scanning event against your public servers in the DMZ
B A security breach of an administrator account
C Several users failing to remember their logon credentials
D A level 5 hurricane ---CORRECT- ANSWER ☑️☑️☑️ B
What is the IEEE standard known as port-based network access control
which is used to leverage authentication already present in a network to
validate clients connecting over hardware devices, such as wireless
access points or VPN concentrators?
,3|Page
A IEEE 802.1x
B IEEE 802.15
C IEEE 802.3
D IEEE 802.11 ---CORRECT- ANSWER ☑️☑️☑️ A
Why is change control and management used as a component of
software asset management?
A To stop changes from being implemented into an environment
B To oversee the asset procurement process
C To prevent or reduce unintended reduction in security
D To restrict the privileges assigned to compartmentalized
administrators ---CORRECT- ANSWER ☑️☑️☑️ C
What is the cost benefit equation?
A [ALE1 - ALE2] - CCM
B AES - CCMP
C total initial risk - countermeasure benefit
D AV x EF x ARO ---CORRECT- ANSWER ☑️☑️☑️ A
, 4|Page
What is the best means to restore the most current form of data when a
backup strategy is based on starting each week off with a full backup
followed by a daily differential?
A Restore the initial week's full backup and then the last differential
backup before the failure.
B Restore only the last differential backup.
C Restore the initial week's full backup and then each differential
backup up to the failure.
D Restore the last differential backup and then the week's full backup. --
-CORRECT- ANSWER ☑️☑️☑️ A
Which of the following is not considered an example of a non-
discretionary access control system?
A MAC
B ACL
C ABAC
D RBAC ---CORRECT- ANSWER ☑️☑️☑️ B
How should countermeasures be implemented as part of the recovery
phase of incident response?
WGU Course C845 Information Systems
Security (SSCP) Quizlet 2026 | Brian
MacFarlane Study Set | Updated
Questions & Answers | CISSP Prep |
WGU Exam Review
Which of the following is a symmetric algorithm?
A Diffie-Hellman
B RSA
C AES
D HMAC ---CORRECT- ANSWER ☑️☑️☑️ C
How can a user be given the power to set privileges on an object for
other users when within a DAC operating system?
A Remove special permissions for the user on the object.
B Grant the user full control over the object.
C Give the user the modify privilege on the object.
D Issue an administrative job label to the user. ---CORRECT-
ANSWER ☑️☑️☑️ B
,2|Page
Your company adopts a new end-user security awareness program. This
training includes malware introduction, social media issues, password
guidelines, data exposure, and lost devices. How often should end users
receive this training?
A once a year and upon termination
B upon new hire and once a year thereafter
C upon termination
D twice a year
E upon new hire
F once a year ---CORRECT- ANSWER ☑️☑️☑️ B
What type of event is more likely to trigger the business continuity plan
(BCP) rather than the disaster recovery plan (DRP)?
A A port-scanning event against your public servers in the DMZ
B A security breach of an administrator account
C Several users failing to remember their logon credentials
D A level 5 hurricane ---CORRECT- ANSWER ☑️☑️☑️ B
What is the IEEE standard known as port-based network access control
which is used to leverage authentication already present in a network to
validate clients connecting over hardware devices, such as wireless
access points or VPN concentrators?
,3|Page
A IEEE 802.1x
B IEEE 802.15
C IEEE 802.3
D IEEE 802.11 ---CORRECT- ANSWER ☑️☑️☑️ A
Why is change control and management used as a component of
software asset management?
A To stop changes from being implemented into an environment
B To oversee the asset procurement process
C To prevent or reduce unintended reduction in security
D To restrict the privileges assigned to compartmentalized
administrators ---CORRECT- ANSWER ☑️☑️☑️ C
What is the cost benefit equation?
A [ALE1 - ALE2] - CCM
B AES - CCMP
C total initial risk - countermeasure benefit
D AV x EF x ARO ---CORRECT- ANSWER ☑️☑️☑️ A
, 4|Page
What is the best means to restore the most current form of data when a
backup strategy is based on starting each week off with a full backup
followed by a daily differential?
A Restore the initial week's full backup and then the last differential
backup before the failure.
B Restore only the last differential backup.
C Restore the initial week's full backup and then each differential
backup up to the failure.
D Restore the last differential backup and then the week's full backup. --
-CORRECT- ANSWER ☑️☑️☑️ A
Which of the following is not considered an example of a non-
discretionary access control system?
A MAC
B ACL
C ABAC
D RBAC ---CORRECT- ANSWER ☑️☑️☑️ B
How should countermeasures be implemented as part of the recovery
phase of incident response?
