Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Security Operations

Practice CC Security Operations questions with full explanations on every answer.

45 questions


All CC Security Operations questions (45)


1. Which tier in a Security Operations Center (SOC) is primarily responsible for triaging alerts and determining whether to escalate?
2. A security analyst notices repeated failed login attempts from an internal IP address to a domain controller, followed by a successful login. Which log type is most likely to provide detailed evidence of this activity?
3. An organization must comply with PCI DSS log retention requirements. What is the minimum retention period for logs, and how long must they be immediately available for analysis?
4. A security administrator is implementing measures to protect log integrity. Which of the following is the most effective method to prevent tampering with logs after they are generated?
5. A company discovers a critical vulnerability in a widely used software application. The vendor has released a patch, but the company's patch management policy requires testing before deployment. What is the best course of action?
6. Which of the following is an indicator of a phishing email?
7. What is the primary purpose of using security baselines derived from CIS Benchmarks?
8. A SOC analyst detects a pattern of outbound traffic from an internal server to a known malicious IP address. Which SOC tier should this alert be escalated to for a deeper investigation?
9. An organization has a legacy system that cannot be patched due to vendor end-of-life. Which compensating control is most effective at reducing the risk of exploitation via network-based attacks?
10. Which of the following is a key function of a Security Information and Event Management (SIEM) system?
11. An employee receives an email from the CEO asking for an urgent wire transfer to a new vendor. The email address is slightly misspelled. What type of attack is this?
12. A configuration management tool detects that a critical server's security settings have changed from the approved baseline. What is the first action the security team should take?
13. An organization is implementing a security awareness program. Which THREE topics should be included to address common social engineering attacks? (Select THREE)
14. A SOC analyst is investigating a potential data exfiltration incident. Which TWO log sources would be most useful for identifying outbound data transfers? (Select TWO)
15. A security engineer is designing a patch management process. Which TWO steps are part of the standard patch lifecycle? (Select TWO)
16. A Security Operations Center (SOC) Tier 1 analyst notices an alert for a failed login attempt from an unusual geographic location. What is the primary responsibility of a Tier 1 analyst in this scenario?
17. A company's SIEM solution aggregates logs from various sources and generates an alert when multiple failed logins occur within a short timeframe. Which log source is most likely to provide the data for this alert?
18. An organization needs to retain authentication logs for compliance with PCI DSS. What is the minimum retention period required, and how long must the logs be immediately available?
19. A security analyst needs to ensure that log data cannot be altered after it is written. Which of the following is the most effective method to protect log integrity?
20. During a patch management cycle, a new vulnerability is disclosed in a widely used web server software. What is the first step an organization should take in the patch lifecycle?
21. A critical zero-day vulnerability is actively being exploited in the wild, affecting an organization's internet-facing application. Which patching approach should be taken?
22. A legacy system cannot be patched due to vendor unavailability. Which compensating control would be most effective in reducing the risk of exploitation?
23. An employee receives an email from an unknown sender claiming to be from the IT department, asking for their password to perform an urgent system update. What type of social engineering attack is this?
24. Which of the following is the most effective way to prevent tailgating in a secured facility?
25. An organization wants to ensure that all workstations are configured according to a hardened baseline. Which process detects when a workstation deviates from this baseline?
26. A SOC analyst reviews a SIEM alert indicating a high volume of outbound traffic from a server to an external IP address known for command-and-control activity. The analyst has confirmed the alert is not a false positive. What is the most appropriate next step?
27. Which of the following is an indicator of a phishing email?
28. A security analyst is reviewing firewall logs and notices an unusually high number of blocked outbound connections to a single external IP address. Which TWO actions should the analyst take to investigate this potential security incident? (Choose two.)
29. An organization is implementing a security baseline for new servers. Which THREE components are typically included in a hardened baseline configuration? (Choose three.)
30. A security awareness trainer is developing material on USB drop attacks. Which TWO messages should be included in the training? (Choose two.)
31. A security analyst at a Security Operations Centre (SOC) receives an alert from the SIEM indicating multiple failed login attempts for a user account followed by a successful login from an unusual geographic location. According to SOC tier responsibilities, which tier should perform the initial triage of this alert?
32. An organization must retain authentication logs for compliance with PCI DSS. What is the minimum retention period and the requirement for immediate availability?
33. A critical vulnerability is discovered in a widely used VPN appliance that is actively being exploited in the wild. The vendor has released an emergency patch. However, the organization's patch management policy requires testing in a staging environment before production deployment. What should the security team do?
34. An employee receives an email that appears to be from the CEO requesting an urgent wire transfer to a new vendor. The email contains several grammatical errors and the sender's address is slightly misspelled. What type of security incident is this?
35. To protect the integrity of log files, which of the following is a best practice?
36. A SOC analyst notices a large spike in outbound traffic from a workstation that is not scheduled for any data transfers. Upon checking the SIEM, the analyst sees that the workstation's antivirus was disabled 30 minutes ago. What type of logs should the analyst examine first to understand the sequence of events?
37. An organization implements a security baseline using CIS Benchmarks for all new servers. After a routine scan, a server is found to have a configuration that deviates from the baseline. The deviation was introduced by a system administrator to resolve a performance issue. What is the best course of action?
38. Which type of log should be monitored to detect a user account that has been granted administrative privileges unexpectedly?
39. What is the primary purpose of a Security Information and Event Management (SIEM) system?
40. An organization has a legacy system that cannot be patched due to vendor end-of-life. The system is critical for operations. Which compensating control is most appropriate to reduce the risk of exploitation?
41. An organization is planning to implement a security awareness program. Which TWO topics should be included to address common social engineering attacks?
42. A SOC team is reviewing security controls for a new critical application. Which THREE of the following are essential components of a security operations capability?
43. After a security incident, an investigator needs to analyze logs to determine the timeline of events. Which TWO types of logs are most likely to provide evidence of lateral movement within the network?
44. Which TWO of the following are common indicators of a phishing email?
45. An organization is implementing a patch management policy. Which THREE steps are part of the standard patch lifecycle?


Frequently asked questions

What does the Security Operations domain cover on the CC exam?

The Security Operations domain covers the key concepts tested in this area of the CC exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CC domains — no account required.

How many Security Operations questions are in the CC question bank?

The Courseiva CC question bank contains 45 questions in the Security Operations domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security Operations for CC?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security Operations questions for CC?

Yes — the session launcher on this page draws questions exclusively from the Security Operations domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
