Courseiva
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.


Objective 2.0

Access Controls

SSCP Practice Questions

Use this page to practise ACL questions. The most common mistake is ignoring ACL direction — an ACL applied inbound and outbound behaves very differently even with identical rules.


What this objective tests

SSCP Access Controls — Key Topics

ACL questions usually test top-down rule processing, source and destination matching, protocol or port logic, and where the ACL should be applied.

  • Standard versus extended ACL behaviour.
  • Top-down processing and the implicit deny rule.
  • Source, destination, protocol and port matching.
  • Inbound versus outbound ACL placement on the correct interface.

Common exam traps

Where candidates lose marks on Access Controls

  • ACLs are processed from top to bottom; the first match wins.
  • There is an implicit deny at the end of every ACL.
  • Standard ACLs match source only; extended ACLs can match protocol, source, destination and ports.
  • Applying an ACL in the wrong direction makes a correct ACL look broken.

SSCP Access Controls — Practice Questions

30 questions from this objective

Question 2 (easy, multiple choice)

A system administrator needs to implement a control that ensures users can only access files necessary for their job functions. Which principle is being applied?

Question 3 (medium, multiple choice)

An organization wants to implement an access control model where data owners decide who can access resources. Which model should they choose?

Question 4 (hard, multiple choice)

During a security audit, it is discovered that a developer has direct access to production databases. The policy requires that changes be reviewed and deployed by a separate team. Which control is being violated?

Question 5 (easy, multiple choice)

An administrator notices that a terminated employee's account is still active. Which access control process was likely skipped?

Question 6 (medium, multiple choice)

A company uses an identity management system that requires users to authenticate using a smart card and a PIN. This is an example of:

Question 7 (hard, multiple choice)

An organization is implementing an access control system where access decisions are based on the sensitivity of the resource and the clearance of the user. Which model is being used?

Question 8 (easy, multiple choice)

A security policy requires that all access to sensitive data be logged. Which access control function does this support?

Question 9 (medium, multiple choice)

A user reports that they cannot access a network share. The administrator checks the share permissions and NTFS permissions. The share permission allows Everyone: Read, and the NTFS permission allows the user: Full Control. What is the user's effective access?

Question 10 (hard, multiple choice)

An organization wants to implement a centralized authentication system that supports single sign-on and uses tickets. Which technology should they choose?

Question 11 (medium, multi select)

Which TWO of the following are examples of biometric authentication? (Choose two.)

Question 12 (hard, multi select)

Which THREE are appropriate controls to prevent unauthorized access to a data center? (Choose three.)

Question 13 (easy, multi select)

Which TWO are components of the AAA framework? (Choose two.)

Question 14 (hard, multiple choice)

You are the security administrator for a healthcare organization that uses a Windows Active Directory domain. The organization has recently implemented a new electronic health record (EHR) system that requires users to authenticate before accessing patient data. The EHR system uses Kerberos for authentication. Users report that they can access the EHR system from their office workstations, but when they attempt to access it remotely via VPN, they receive an 'Access Denied' error. The VPN uses RADIUS for authentication and assigns IP addresses from a separate subnet. The EHR server is in the same domain as the workstations. You verify that the users are able to connect to the VPN successfully and can access other internal resources. What is the most likely cause of the issue?

Question 15 (medium, multiple choice)

You are a security analyst at a financial institution. The company uses a role-based access control (RBAC) system for its internal banking application. Recently, the compliance team discovered that a teller, who should only have access to customer account information for their branch, was able to view account details for customers in other branches. The RBAC system assigns roles based on job titles. You review the configuration and find that the 'Teller' role has a permission that allows viewing all customer accounts, regardless of branch. The company wants to enforce branch-level restrictions. Which of the following is the best approach to address this issue?

Question 16 (medium, drag order)

Drag and drop the steps for configuring a Windows Firewall rule to allow inbound RDP traffic into the correct order.

Question 17 (medium, matching)

Match each authentication factor to its category.

Something you know

Something you have

Something you are

Something you do

Question 18 (easy, multiple choice)

A help desk technician needs to reset a user's password but should not be able to modify other user attributes. Which access control principle should be applied to enforce this restriction?

Question 19 (medium, multiple choice)

A company uses role-based access control (RBAC). A user is assigned to the 'Sales' role, which grants access to CRM and reporting, and also to the 'Sales Manager' role, which grants additional access to team reports. However, the user cannot access team reports. What is the most likely cause?

Question 20 (hard, multiple choice)

An organization implements an attribute-based access control (ABAC) system with the following policy: if user.role == 'doctor' and resource.type == 'patient_record' and environment.time between 08:00-18:00 then permit. A doctor tries to access a patient record at 20:00. What is the result?

Question 21 (easy, multiple choice)

Which access control model is best suited for a military environment where data classification (Unclassified, Confidential, Secret, Top Secret) and subject clearance levels are the primary factors for access decisions?

Question 22 (medium, multiple choice)

A user reports they can now access files in a shared drive that were previously denied. Upon investigation, the IT team discovers the user was added to a new group that has read/write permissions to the drive. This situation is best described as:

Question 23 (hard, multiple choice)

A company uses a federated identity system where partner employees access internal applications via SAML assertions. Recently, a partner employee who should have been terminated was still able to log in. Which missing control is the most likely root cause?

Question 24 (easy, multiple choice)

An administrator wants to ensure that users cannot share passwords. Which control is most effective at reducing the risk of password sharing?

Question 25 (medium, multiple choice)

A database audit log shows that a user ran a query retrieving all customer records. The user's job role only requires access to view their own assigned customers. Which access control concept has been violated?

Question 26 (hard, multiple choice)

An organization uses mandatory access control (MAC) with the Bell-LaPadula model. A subject has a clearance of 'Secret' and an object has a classification of 'Top Secret'. What is the result if the subject attempts to read the object?

Question 27 (easy, multi select)

Which TWO of the following are examples of multifactor authentication? (Choose two.)

Question 28 (medium, multi select)

Which TWO are valid reasons to revoke a user's access? (Choose two.)

Question 29 (hard, multi select)

Which THREE are required components of a core role-based access control (RBAC) system according to NIST? (Choose three.)

Question 30 (easy, multiple choice)

Based on the exhibit, what type of attack is most likely occurring?

Exhibit

Refer to the exhibit. The following is from a Windows security log:
Event ID 4625 (Logon Failure)
Account Name: multiple different usernames
Source Network Address: 10.10.10.10
Failure Reason: Unknown user name or bad password.
Multiple such entries appear within a short time span, each with a different username but the same source IP.

Question 31 (medium, multiple choice)

Which access control mechanism most likely failed to prevent this unauthorized privilege escalation?

Exhibit

Refer to the exhibit. The following is from /var/log/secure on a Linux server:
Jan 21 09:15:30 server sshd[1234]: Failed password for invalid user admin from 192.168.1.1 port 22 ssh2
Jan 21 09:15:31 server sshd[1235]: Failed password for invalid user root from 192.168.1.1 port 22 ssh2
... (multiple similar lines)
Jan 21 09:20:01 server su[5678]: pam_unix(su:session): session opened for user root by john(uid=1000)
The failed attempts are all from the same IP, and then user 'john' successfully runs `su` to root.
