© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

ISC2 CC Security Operations • Complete Question Bank

ISC2 CC Security Operations — All Questions With Answers

Complete ISC2 CC Security Operations question bank — all 0 questions with answers and detailed explanations.

45 questions. Free, no signup required.
Question 1 (easy, multiple choice)

Which tier in a Security Operations Center (SOC) is primarily responsible for triaging alerts and determining whether to escalate?

Question 2 (medium, multiple choice)

A security analyst notices repeated failed login attempts from an internal IP address to a domain controller, followed by a successful login. Which log type is most likely to provide detailed evidence of this activity?

Question 3 (medium, multiple choice)

An organization must comply with PCI DSS log retention requirements. What is the minimum retention period for logs, and how long must they be immediately available for analysis?

Question 4 (hard, multiple choice)

A security administrator is implementing measures to protect log integrity. Which of the following is the most effective method to prevent tampering with logs after they are generated?

Question 5 (medium, multiple choice)

A company discovers a critical vulnerability in a widely used software application. The vendor has released a patch, but the company's patch management policy requires testing before deployment. What is the best course of action?

Question 6 (easy, multiple choice)

Which of the following is an indicator of a phishing email?

Question 7 (medium, multiple choice)

What is the primary purpose of using security baselines derived from CIS Benchmarks?

Question 8 (medium, multiple choice)

A SOC analyst detects a pattern of outbound traffic from an internal server to a known malicious IP address. Which SOC tier should this alert be escalated to for a deeper investigation?

Question 9 (hard, multiple choice)

An organization has a legacy system that cannot be patched due to vendor end-of-life. Which compensating control is most effective at reducing the risk of exploitation via network-based attacks?

Question 10 (easy, multiple choice)

Which of the following is a key function of a Security Information and Event Management (SIEM) system?

Question 11 (medium, multiple choice)

An employee receives an email from the CEO asking for an urgent wire transfer to a new vendor. The email address is slightly misspelled. What type of attack is this?

Question 12 (hard, multiple choice)

A configuration management tool detects that a critical server's security settings have changed from the approved baseline. What is the first action the security team should take?

Question 13 (medium, multi-select)

An organization is implementing a security awareness program. Which THREE topics should be included to address common social engineering attacks? (Select THREE)

Question 14 (medium, multi-select)

A SOC analyst is investigating a potential data exfiltration incident. Which TWO log sources would be most useful for identifying outbound data transfers? (Select TWO)

Question 15 (hard, multi-select)

A security engineer is designing a patch management process. Which TWO steps are part of the standard patch lifecycle? (Select TWO)

Question 16 (easy, multiple choice)

A Security Operations Center (SOC) Tier 1 analyst notices an alert for a failed login attempt from an unusual geographic location. What is the primary responsibility of a Tier 1 analyst in this scenario?

Question 17 (medium, multiple choice)

A company's SIEM solution aggregates logs from various sources and generates an alert when multiple failed logins occur within a short timeframe. Which log source is most likely to provide the data for this alert?

Question 18 (medium, multiple choice)

An organization needs to retain authentication logs for compliance with PCI DSS. What is the minimum retention period required, and how long must the logs be immediately available?

Question 19 (hard, multiple choice)

A security analyst needs to ensure that log data cannot be altered after it is written. Which of the following is the most effective method to protect log integrity?

Question 20 (easy, multiple choice)

During a patch management cycle, a new vulnerability is disclosed in a widely used web server software. What is the first step an organization should take in the patch lifecycle?

Question 21 (medium, multiple choice)

A critical zero-day vulnerability is actively being exploited in the wild, affecting an organization's internet-facing application. Which patching approach should be taken?

Question 22 (hard, multiple choice)

A legacy system cannot be patched due to vendor unavailability. Which compensating control would be most effective in reducing the risk of exploitation?

Question 23 (easy, multiple choice)

An employee receives an email from an unknown sender claiming to be from the IT department, asking for their password to perform an urgent system update. What type of social engineering attack is this?

Question 24 (medium, multiple choice)

Which of the following is the most effective way to prevent tailgating in a secured facility?

Question 25 (medium, multiple choice)

An organization wants to ensure that all workstations are configured according to a hardened baseline. Which process detects when a workstation deviates from this baseline?

Question 26 (hard, multiple choice)

A SOC analyst reviews a SIEM alert indicating a high volume of outbound traffic from a server to an external IP address known for command-and-control activity. The analyst has confirmed the alert is not a false positive. What is the most appropriate next step?

Question 27 (easy, multiple choice)

Which of the following is an indicator of a phishing email?

Question 28 (medium, multi-select)

A security analyst is reviewing firewall logs and notices an unusually high number of blocked outbound connections to a single external IP address. Which TWO actions should the analyst take to investigate this potential security incident? (Choose two.)

Question 29 (hard, multi-select)

An organization is implementing a security baseline for new servers. Which THREE components are typically included in a hardened baseline configuration? (Choose three.)

Question 30 (medium, multi-select)

A security awareness trainer is developing material on USB drop attacks. Which TWO messages should be included in the training? (Choose two.)

Question 31 (easy, multiple choice)

A security analyst at a Security Operations Centre (SOC) receives an alert from the SIEM indicating multiple failed login attempts for a user account followed by a successful login from an unusual geographic location. According to SOC tier responsibilities, which tier should perform the initial triage of this alert?

Question 32 (medium, multiple choice)

An organization must retain authentication logs for compliance with PCI DSS. What is the minimum retention period and the requirement for immediate availability?

Question 33 (hard, multiple choice)

A critical vulnerability is discovered in a widely used VPN appliance that is actively being exploited in the wild. The vendor has released an emergency patch. However, the organization's patch management policy requires testing in a staging environment before production deployment. What should the security team do?

Question 34 (medium, multiple choice)

An employee receives an email that appears to be from the CEO requesting an urgent wire transfer to a new vendor. The email contains several grammatical errors and the sender's address is slightly misspelled. What type of security incident is this?

Question 35 (easy, multiple choice)

To protect the integrity of log files, which of the following is a best practice?

Question 36 (medium, multiple choice)

A SOC analyst notices a large spike in outbound traffic from a workstation that is not scheduled for any data transfers. Upon checking the SIEM, the analyst sees that the workstation's antivirus was disabled 30 minutes ago. What type of logs should the analyst examine first to understand the sequence of events?

Question 37 (hard, multiple choice)

An organization implements a security baseline using CIS Benchmarks for all new servers. After a routine scan, a server is found to have a configuration that deviates from the baseline. The deviation was introduced by a system administrator to resolve a performance issue. What is the best course of action?

Question 38 (medium, multiple choice)

Which type of log should be monitored to detect a user account that has been granted administrative privileges unexpectedly?

Question 39 (easy, multiple choice)

What is the primary purpose of a Security Information and Event Management (SIEM) system?

Question 40 (hard, multiple choice)

An organization has a legacy system that cannot be patched due to vendor end-of-life. The system is critical for operations. Which compensating control is most appropriate to reduce the risk of exploitation?

Question 41 (medium, multi-select)

An organization is planning to implement a security awareness program. Which TWO topics should be included to address common social engineering attacks?

Question 42 (medium, multi-select)

A SOC team is reviewing security controls for a new critical application. Which THREE of the following are essential components of a security operations capability?

Question 43 (hard, multi-select)

After a security incident, an investigator needs to analyze logs to determine the timeline of events. Which TWO types of logs are most likely to provide evidence of lateral movement within the network?

Question 44 (easy, multi-select)

Which TWO of the following are common indicators of a phishing email?

Question 45 (medium, multi-select)

An organization is implementing a patch management policy. Which THREE steps are part of the standard patch lifecycle?