SSCP Access Controls • Complete Question Bank

SSCP Access Controls — All Questions With Answers

Complete SSCP Access Controls question bank — all 0 questions with answers and detailed explanations.

66 questions

Question 1 (easy, multiple choice)

A system administrator needs to implement a control that ensures users can only access files necessary for their job functions. Which principle is being applied?

Question 2 (medium, multiple choice)

An organization wants to implement an access control model where data owners decide who can access resources. Which model should they choose?

Question 3 (hard, multiple choice)

During a security audit, it is discovered that a developer has direct access to production databases. The policy requires that changes be reviewed and deployed by a separate team. Which control is being violated?

Question 4 (easy, multiple choice)

An administrator notices that a terminated employee's account is still active. Which access control process was likely skipped?

Question 5 (medium, multiple choice)

A company uses an identity management system that requires users to authenticate using a smart card and a PIN. This is an example of:

Question 6 (hard, multiple choice)

An organization is implementing an access control system where access decisions are based on the sensitivity of the resource and the clearance of the user. Which model is being used?

Question 7 (easy, multiple choice)

A security policy requires that all access to sensitive data be logged. Which access control function does this support?

Question 8 (medium, multiple choice)

A user reports that they cannot access a network share. The administrator checks the share permissions and NTFS permissions. The share permission allows Everyone: Read, and the NTFS permission allows the user: Full Control. What is the user's effective access?

Question 9 (hard, multiple choice)

An organization wants to implement a centralized authentication system that supports single sign-on and uses tickets. Which technology should they choose?

Question 10 (medium, multi select)

Which TWO of the following are examples of biometric authentication? (Choose two.)

Question 11 (hard, multi select)

Which THREE are appropriate controls to prevent unauthorized access to a data center? (Choose three.)

Question 12 (easy, multi select)

Which TWO are components of the AAA framework? (Choose two.)

Question 13 (hard, multiple choice)

You are the security administrator for a healthcare organization that uses a Windows Active Directory domain. The organization has recently implemented a new electronic health record (EHR) system that requires users to authenticate before accessing patient data. The EHR system uses Kerberos for authentication. Users report that they can access the EHR system from their office workstations, but when they attempt to access it remotely via VPN, they receive an 'Access Denied' error. The VPN uses RADIUS for authentication and assigns IP addresses from a separate subnet. The EHR server is in the same domain as the workstations. You verify that the users are able to connect to the VPN successfully and can access other internal resources. What is the most likely cause of the issue?

Question 14 (medium, multiple choice)

You are a security analyst at a financial institution. The company uses a role-based access control (RBAC) system for its internal banking application. Recently, the compliance team discovered that a teller, who should only have access to customer account information for their branch, was able to view account details for customers in other branches. The RBAC system assigns roles based on job titles. You review the configuration and find that the 'Teller' role has a permission that allows viewing all customer accounts, regardless of branch. The company wants to enforce branch-level restrictions. Which of the following is the best approach to address this issue?

Question 15 (medium, drag order)

Drag and drop the steps for configuring a Windows Firewall rule to allow inbound RDP traffic into the correct order.

Question 16 (medium, matching)

Match each authentication factor to its category.

Something you know

Something you have

Something you are

Something you do

Question 17 (easy, multiple choice)

A help desk technician needs to reset a user's password but should not be able to modify other user attributes. Which access control principle should be applied to enforce this restriction?

Question 18 (medium, multiple choice)

A company uses role-based access control (RBAC). A user is assigned to the 'Sales' role, which grants access to CRM and reporting, and also to the 'Sales Manager' role, which grants additional access to team reports. However, the user cannot access team reports. What is the most likely cause?

Question 19 (hard, multiple choice)

An organization implements an attribute-based access control (ABAC) system with the following policy: if user.role == 'doctor' and resource.type == 'patient_record' and environment.time between 08:00-18:00 then permit. A doctor tries to access a patient record at 20:00. What is the result?

Question 20 (easy, multiple choice)

Which access control model is best suited for a military environment where data classification (Unclassified, Confidential, Secret, Top Secret) and subject clearance levels are the primary factors for access decisions?

Question 21 (medium, multiple choice)

A user reports they can now access files in a shared drive that were previously denied. Upon investigation, the IT team discovers the user was added to a new group that has read/write permissions to the drive. This situation is best described as:

Question 22 (hard, multiple choice)

A company uses a federated identity system where partner employees access internal applications via SAML assertions. Recently, a partner employee who should have been terminated was still able to log in. Which missing control is the most likely root cause?

Question 23 (easy, multiple choice)

An administrator wants to ensure that users cannot share passwords. Which control is most effective at reducing the risk of password sharing?

Question 24 (medium, multiple choice)

A database audit log shows that a user ran a query retrieving all customer records. The user's job role only requires access to view their own assigned customers. Which access control concept has been violated?

Question 25 (hard, multiple choice)

An organization uses mandatory access control (MAC) with the Bell-LaPadula model. A subject has a clearance of 'Secret' and an object has a classification of 'Top Secret'. What is the result if the subject attempts to read the object?

Question 26 (easy, multi select)

Which TWO of the following are examples of multifactor authentication? (Choose two.)

Question 27 (medium, multi select)

Which TWO are valid reasons to revoke a user's access? (Choose two.)

Question 28 (hard, multi select)

Which THREE are required components of a core role-based access control (RBAC) system according to NIST? (Choose three.)

Question 29 (easy, multiple choice)

Based on the exhibit, what type of attack is most likely occurring?

Exhibit

Refer to the exhibit. The following is from a Windows security log:
Event ID 4625 (Logon Failure)
Account Name: multiple different usernames
Source Network Address: 10.10.10.10
Failure Reason: Unknown user name or bad password.
Multiple such entries appear within a short time span, each with a different username but the same source IP.

Question 30 (medium, multiple choice)

Which access control mechanism most likely failed to prevent this unauthorized privilege escalation?

Exhibit

Refer to the exhibit. The following is from /var/log/secure on a Linux server:
Jan 21 09:15:30 server sshd[1234]: Failed password for invalid user admin from 192.168.1.1 port 22 ssh2
Jan 21 09:15:31 server sshd[1235]: Failed password for invalid user root from 192.168.1.1 port 22 ssh2
... (multiple similar lines)
Jan 21 09:20:01 server su[5678]: pam_unix(su:session): session opened for user root by john(uid=1000)
The failed attempts are all from the same IP, and then user 'john' successfully runs `su` to root.

Question 31 (hard, multiple choice)

Based on the exhibit, if the user attempts to upload (put) a file to the S3 bucket corporate-data, what is the result?

Exhibit

Refer to the exhibit. The following IAM policy is attached to a user:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::corporate-data/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::corporate-data/*"
    }
  ]
}

Question 32 (medium, multiple choice)

A healthcare organization is implementing an access control system to ensure that employees can only access patient records necessary for their job functions. Which model best enforces this principle?

Question 33 (hard, multiple choice)

A Linux server administrator configures SSH key-based authentication for user 'admin'. The authentication fails with the error 'Authentication refused: bad permissions' in the logs. What is the most likely cause?

Question 34 (easy, multiple choice)

An organization uses smart cards combined with a PIN to access secure facilities. This is an example of which type of authentication factor?

Question 35 (medium, multiple choice)

The security team discovers that a user in the finance department can read files in the human resources share. The share permissions on the HR folder are set to deny all except the HR group, and the user is not a member of HR. What is the most likely cause?

Question 36 (hard, multiple choice)

A Windows workstation is unable to authenticate to a Kerberos-based application. The time on the workstation is 5 minutes ahead of the domain controller. What is the impact?

Question 37 (easy, multiple choice)

In which access control model does the owner of a resource have full discretion over who can access it and with what permissions?

Question 38 (medium, multiple choice)

A military system uses mandatory access control with classifications Unclassified, Confidential, Secret, and Top Secret. A user with Secret clearance attempts to read a file labeled Top Secret. What will occur?

Question 39 (hard, multiple choice)

An organization implements a policy that the same individual cannot both create a purchase order and approve it in the financial system. Which security principle does this control primarily enforce?

Question 40 (medium, multiple choice)

A cloud application uses OAuth 2.0 to authorize a third-party app to access user data. What is the primary purpose of the access token issued by the authorization server?

Question 41 (medium, multi select)

Which two commands can be used to modify existing file permissions on a Linux system? (Select TWO)

Question 42 (hard, multi select)

Which three statements are true regarding mandatory access control (MAC) systems? (Select THREE)

Question 43 (medium, multi select)

Which two components are integral to a Kerberos authentication system? (Select TWO)

Question 44 (medium, multiple choice)

Refer to the exhibit. A user reports being unable to remote desktop (RDP) into a Windows server. Given the event log, what is the most likely cause?

Exhibit

Event 4625, Microsoft-Windows-Security-Auditing
Account For Which Logon Failed:
    Security ID:        S-1-5-21-123456789-123456789-123456789-1105
    Account Name:       jdoe
    Account Domain:     CORP
Failure Information:
    Failure Reason:     The user has not been granted the requested logon type at this computer.
    Status:             0xC000015B
    Sub Status:         0x0

Question 45 (hard, multiple choice)

Refer to the exhibit. User bob, a member of the projectdev group, attempts to create a new file in /data/project but gets 'Permission denied'. What is the most likely reason?

Exhibit

[user@server ~]$ getfacl /data/project
# file: /data/project
getfacl: Removing leading '/' from absolute path names
# owner: projectadmin
# group: projectdev
user::rwx
user:alice:rwx
group::r-x
mask::rwx
other::---

Question 46 (medium, multiple choice)

Refer to the exhibit. A security analyst reviews this AWS IAM policy and notices that delete operations on objects in the corporate-bucket are being denied unexpectedly. What is the most likely issue?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::corporate-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::corporate-bucket/*"
    }
  ]
}

Question 47 (easy, multiple choice)

A system administrator needs to assign permissions to a new employee who will be performing database backups. The employee should only be able to execute the backup command but not read or modify the data. Which access control principle should be applied?

Question 48 (easy, multiple choice)

An organization uses role-based access control (RBAC). An employee transfers from the Sales department to the Marketing department. What is the most secure way to update the employee's access?

Question 49 (medium, multiple choice)

A security analyst notices that a user’s account has been used to access sensitive files at 3:00 AM from an IP address outside the company’s country. The analyst suspects a compromised account. Which action should be taken FIRST?

Question 50 (medium, multiple choice)

A company implements mandatory access control (MAC) on its classified document system. A user with a security clearance of Secret attempts to read a document labeled Top Secret. What happens?

Question 51 (medium, multiple choice)

An administrator configures a Kerberos authentication system. After implementation, users are able to authenticate but cannot access network resources. The administrator verifies that the client time is synchronized with the KDC. What is the most likely cause?

Question 52 (hard, multiple choice)

A healthcare organization must comply with HIPAA and requires that access to electronic protected health information (ePHI) be logged and audited. They consider using an identity management system that supports single sign-on (SSO). What is the PRIMARY security concern with SSO in this environment?

Question 53 (hard, multiple choice)

An organization uses attribute-based access control (ABAC) for its cloud storage. The policy states that a user can read a document only if the user’s department attribute matches the document’s department attribute AND the current time is within business hours (9AM-5PM). A user from Engineering tries to read a document classified for Engineering at 8:55 AM. What is the expected result?

Question 54 (easy, multiple choice)

A company wants to implement a policy where no single individual can approve a purchase order and also receive the goods. Which access control principle does this enforce?

Question 55 (hard, multiple choice)

During an audit, it is discovered that a contractor’s account has read access to a financial database even though the contractor’s project ended six months ago. Which type of access control failure is this?

Question 56 (medium, multi select)

Which TWO of the following are characteristics of mandatory access control (MAC)?

Question 57 (medium, multi select)

Which TWO of the following are best practices for password management?

Question 58 (hard, multi select)

Which THREE of the following are common methods for implementing multifactor authentication (MFA)?

Question 59 (hard, multiple choice)

You are the security administrator for a mid-sized financial services company. The company uses Active Directory (AD) for identity management and has implemented role-based access control (RBAC) for its core banking application. Recently, the company acquired a smaller firm and is integrating its employees into AD. During the integration, you notice that many of the new employees have been assigned multiple roles that grant them access to sensitive financial data, despite their job descriptions indicating they need only limited access. Additionally, some users who left the acquired company have not been disabled in AD. The company's security policy mandates the principle of least privilege and requires that access reviews be conducted quarterly, but no review has been performed in the past year. You have been tasked with remediating these issues. Which of the following approaches is the MOST effective initial step to address the immediate risk of excessive access?

Question 60 (easy, multiple choice)

A small business wants to implement an access control system where employees can access files based on their department (e.g., HR, Finance). They want simplicity and ease of administration. Which access control model is BEST suited?

Question 61 (medium, multiple choice)

A company needs to ensure that when an employee leaves the organization, their accounts are disabled promptly to prevent unauthorized access. Which approach is MOST effective for timely account deactivation?

Question 62 (medium, multi select)

Which TWO of the following are characteristics of a Mandatory Access Control (MAC) system?

Question 63 (hard, multiple choice)

A large financial institution has deployed a new web application for customer account management. The application uses role-based access control (RBAC) with roles such as Customer, Teller, Manager, and Admin. Recently, an audit revealed that a Teller was able to view and modify account details belonging to customers outside their assigned branch. The application authenticates users via the corporate Active Directory and uses AD groups for role mapping. The Teller's AD group membership was verified to be correct. The security team suspects a flaw in the authorization logic. Which of the following is the MOST likely root cause?

Question 64 (medium, multiple choice)

A hospital is implementing an access control system for its electronic health record (EHR) system. The system must comply with HIPAA regulations, which require that access to patient records is limited to personnel who need it to perform their job duties. The hospital has many roles: doctors, nurses, lab technicians, and administrative staff. Each role can access different types of records. The system currently uses a DAC model where each user sets permissions on their own files. However, a recent risk assessment identified that some nurses have been sharing their accounts with each other to access records outside their unit. The hospital wants to implement a more restrictive model that enforces access based on job roles and prevents sharing of accounts. Which access control model should the hospital adopt?

Question 65 (easy, multiple choice)

A small company with 50 employees uses a local file server for sharing documents. Each employee has a username and password for authentication. The company wants to implement an additional layer of security to protect sensitive data without incurring high costs. They are considering using smart cards or biometric scanners. However, the budget is limited, and employees often work remotely. Which of the following is the most cost-effective and practical approach to strengthen authentication?

Question 66 (hard, multiple choice)

A multinational corporation is migrating its on-premises applications to a cloud provider. The identity management infrastructure must support single sign-on (SSO) across multiple cloud services and maintain on-premises Active Directory as the authoritative identity source. The security team is concerned about credential stuffing attacks and password spray attacks. They want to implement a risk-based access policy that requires additional verification when logins originate from unusual locations or devices. Additionally, they need to ensure that user accounts are provisioned and deprovisioned in the cloud in near real-time based on AD changes. Which of the following solutions BEST meets these requirements?
