Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Security Operations and Administration practice sets

SSCP Security Operations and Administration • Complete Question Bank

SSCP Security Operations and Administration — All Questions With Answers

Complete SSCP Security Operations and Administration question bank — all 0 questions with answers and detailed explanations.

79
Questions
Free
No signup
Certifications/SSCP/Practice Test/Security Operations and Administration/All Questions
Question 1mediummultiple choice
Read the full Security Operations and Administration explanation →

A security analyst receives an alert that a user account has been locked out multiple times within 10 minutes. The analyst checks the account and finds it is a service account used for automated backups. What is the most likely cause?

Question 2hardmultiple choice
Read the full Security Operations and Administration explanation →

A company implements a new policy requiring all privileged access requests to be approved by a manager. However, after deployment, analysts report that they cannot perform emergency changes outside business hours. What is the best solution?

Question 3easymultiple choice
Read the full Security Operations and Administration explanation →

A security administrator is tasked with ensuring that only authorized software can run on company workstations. Which security control should be implemented?

Question 4mediummultiple choice
Read the full Security Operations and Administration explanation →

An organization's security policy requires that all data at rest be encrypted. A database administrator objects, stating that encryption will degrade performance. What is the best response?

Question 5hardmultiple choice
Read the full Security Operations and Administration explanation →

During a security audit, it is discovered that several employees have access to shared network drives containing sensitive HR data. The HR manager states that these employees no longer need access. What is the most efficient way to revoke access?

Question 6easymultiple choice
Read the full Security Operations and Administration explanation →

A company wants to ensure that employees use strong passwords. Which policy is most effective?

Question 7mediummultiple choice
Read the full Security Operations and Administration explanation →

A security team is investigating a potential data exfiltration incident. They notice that a large amount of data was transferred to an external IP address during off-hours. What should be the first step?

Question 8hardmultiple choice
Read the full Security Operations and Administration explanation →

An organization uses role-based access control (RBAC). A user complains that they can access a resource they were previously denied. The security administrator finds that the user's role was recently changed. What is the most likely cause?

Question 9easymultiple choice
Read the full Security Operations and Administration explanation →

Which of the following is the primary purpose of a security awareness program?

Question 10mediummulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are valid reasons for implementing a separation of duties policy? (Choose two.)

Question 11hardmulti select
Read the full Security Operations and Administration explanation →

Which THREE of the following are essential elements of an effective incident response plan? (Choose three.)

Question 12easymulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are examples of administrative controls? (Choose two.)

Question 13mediummultiple choice
Read the full Security Operations and Administration explanation →

Based on the exhibit, which type of attack is most likely occurring?

Exhibit

Refer to the exhibit.

[user@server ~]$ sudo cat /var/log/auth.log | grep 'Failed password' | tail -5
Mar 10 14:23:01 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:05 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:09 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:13 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Mar 10 14:23:17 server sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2
Question 14hardmultiple choice
Read the full Security Operations and Administration explanation →

Based on the exhibit, which of the following best describes the firewall configuration?

Network Topology
0 0 ACCEPT alllo * 0.0.0.0/010 840 ACCEPT tcp20 1680 ACCEPT tcp5 420 ACCEPT tcp0 0 DROP alleth0 * 0.0.0.0/0Refer to the exhibit.
Question 15hardmultiple choice
Read the full Security Operations and Administration explanation →

You are the security administrator for a mid-sized financial company that processes credit card transactions. The company has a mix of on-premises servers and cloud-based services. Recently, the company experienced a data breach where an attacker exfiltrated customer data from a database server. The investigation reveals that the attacker used compromised credentials of a database administrator (DBA) account. The DBA account had been used by multiple administrators without proper auditing. The company wants to implement a solution to prevent such incidents in the future. The solution must: 1) ensure that each administrator has a unique account for database access, 2) require approval for privileged actions, 3) provide a full audit trail of all privileged activities, and 4) be cost-effective. Which of the following is the best course of action?

Question 16mediummultiple choice
Read the full NAT/PAT explanation →

You work for a hospital that has recently transitioned to an electronic health record (EHR) system. The system stores protected health information (PHI) and must comply with HIPAA. The hospital's security policy requires that all access to PHI be logged and that any unauthorized access be detected promptly. The IT department has implemented logging on the EHR system, but the security team is overwhelmed by the volume of logs and cannot review them in a timely manner. Additionally, there have been incidents where employees accessed patient records without a legitimate need, but these were only discovered months later during random audits. The hospital needs to improve its detection capabilities. Which of the following is the most effective solution?

Question 17mediumdrag order
Read the full VPN explanation →

Drag and drop the steps for establishing a VPN using IPsec in tunnel mode into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 18mediummatching
Read the full Security Operations and Administration explanation →

Match each network security device to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Filters traffic based on rules

Monitors and alerts on suspicious activity

Blocks malicious traffic in real-time

Manages encrypted tunnels

Question 19mediummultiple choice
Read the full Security Operations and Administration explanation →

A security administrator needs to ensure that only authorized personnel can reset user passwords in Active Directory. Which of the following is the BEST method to delegate this responsibility without granting unnecessary privileges?

Question 20easymultiple choice
Read the full Security Operations and Administration explanation →

An organization implements a new security policy requiring all portable storage devices to be encrypted. Which of the following is the MOST effective control to enforce this policy?

Question 21hardmultiple choice
Read the full DNS explanation →

A security analyst is investigating a potential data exfiltration incident. The logs show a large number of outbound DNS queries to a domain that resolves to an IP address in a foreign country. The queries contain encoded strings in the subdomain. Which type of attack is MOST likely occurring?

Question 22mediummultiple choice
Read the full Security Operations and Administration explanation →

A system administrator receives a report that a critical server is running low on disk space. After investigation, it is determined that the log files are not being rotated properly. Which of the following is the BEST solution to prevent this issue in the future?

Question 23easymultiple choice
Read the full Security Operations and Administration explanation →

An employee reports that they cannot access a shared folder on the network. The security administrator checks the permission and finds that the user is in the correct group, but the 'Deny' entry for a different group is blocking access. What is the MOST likely cause?

Question 24hardmultiple choice
Read the full Security Operations and Administration explanation →

A security engineer is configuring a firewall to block all inbound traffic except for specific services. Which of the following design principles is being applied?

Question 25mediummultiple choice
Read the full Security Operations and Administration explanation →

A company experiences a security breach where an attacker gained access to the network through a compromised vendor account. Which of the following controls would have BEST prevented this attack?

Question 26easymultiple choice
Read the full Security Operations and Administration explanation →

A system administrator needs to securely transfer log files from a Linux server to a central log collector. Which protocol should be used to ensure confidentiality and integrity?

Question 27hardmultiple choice
Read the full Security Operations and Administration explanation →

During a security assessment, a penetration tester discovers that a web application allows users to upload files without proper validation. The tester successfully uploads a PHP web shell. Which control would have MOST effectively prevented this exploitation?

Question 28mediummulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are key components of an organization's security policy framework? (Choose two.)

Question 29hardmulti select
Read the full Security Operations and Administration explanation →

Which THREE of the following are appropriate techniques for securely disposing of magnetic hard disk drives that contain sensitive data? (Choose three.)

Question 30easymulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are examples of administrative controls in a security program? (Choose two.)

Question 31easymultiple choice
Read the full Security Operations and Administration explanation →

Refer to the exhibit. What does this event indicate?

Exhibit

Refer to the exhibit.

Event Log Entry:
```
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: NETWORK SERVICE
Computer: DC01.contoso.com
Description:
An account failed to log on.
Subject:
	Security ID: SYSTEM
	Account Name: DC01$
	Account Domain: CONTOSO
	Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
	Security ID: NULL SID
	Account Name: administrator
	Account Domain: CONTOSO
Failure Information:
	Failure Reason: Unknown user name or bad password.
	Status: 0xC000006D
	Sub Status: 0xC000006A
```
Question 32mediummultiple choice
Read the full Security Operations and Administration explanation →

Refer to the exhibit. An administrator implements this firewall rule. What is the intended effect?

Exhibit

Refer to the exhibit.

Windows Firewall Rule (PowerShell output):
```
Name        : Block SMB Outbound
DisplayName : Block SMB Outbound
Description : Blocks outbound SMB traffic to prevent lateral movement
Enabled     : True
Direction   : Outbound
Action      : Block
Profile     : Domain
LocalAddress: Any
RemoteAddress: Any
Protocol    : TCP
LocalPort   : Any
RemotePort  : 445
```
Question 33hardmultiple choice
Read the full Security Operations and Administration explanation →

Refer to the exhibit. A systems administrator configures this Group Policy setting. What is the direct consequence?

Exhibit

Refer to the exhibit.

Group Policy Security Setting:
```
Policy Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Policy Setting: 'Deny log on through Remote Desktop Services'
Members: CONTOSO\Backup Operators
```
Question 34mediummultiple choice
Read the full Security Operations and Administration explanation →

A security administrator notices that a critical server's event log shows repeated failed login attempts from an internal IP address that normally does not generate any traffic. The administrator immediately blocks the IP at the firewall and resets the account password. However, the incident response team later determines that the attacker had already gained access to the server. What is the MOST likely reason the administrator's actions were insufficient?

Question 35easymultiple choice
Read the full Security Operations and Administration explanation →

A company implements a policy that requires all employees to change their passwords every 60 days. Which of the following is the PRIMARY security benefit of this requirement?

Question 36hardmultiple choice
Read the full Security Operations and Administration explanation →

An organization uses role-based access control (RBAC). After a merger, a user account from the acquired company is migrated into the parent company's domain. The user is assigned to multiple roles, but is unable to access a critical application that requires a specific role. The administrator verified that the user's account is enabled and the application server is reachable. What is the MOST likely cause?

Question 37mediummultiple choice
Read the full Security Operations and Administration explanation →

A security administrator is reviewing backup procedures for a database server. The current backup policy mandates a full backup every Sunday and differential backups Tuesday through Friday. On Wednesday, a failure occurs, and the database is lost. The last successful full backup was completed on Sunday, and the last differential backup was completed on Tuesday. How many backup sets are needed to restore the database to its state as of Tuesday?

Question 38hardmultiple choice
Read the full Security Operations and Administration explanation →

During a security audit, it is discovered that a system administrator shared their personal credentials with a colleague to troubleshoot an issue after hours. This violates the company's policy regarding password sharing. Which control would BEST prevent this type of incident in the future?

Question 39easymultiple choice
Read the full Security Operations and Administration explanation →

An organization wants to ensure that only authorized devices can connect to its internal network. Which of the following should be implemented?

Question 40mediummultiple choice
Read the full Security Operations and Administration explanation →

A security analyst notices that an employee's account has been sending large amounts of data to an external IP address during non-business hours. The analyst suspects the employee's credentials have been compromised. What is the FIRST step the analyst should take according to incident response procedures?

Question 41mediummultiple choice
Read the full VPN explanation →

A company's VPN logs show that a user's account authenticated from two different geographic locations within a span of 10 minutes. The distances between locations make physical travel impossible. The security team investigates and finds that the user's password is complex and not shared. What is the MOST likely explanation?

Question 42easymultiple choice
Read the full Security Operations and Administration explanation →

A security administrator needs to set file permissions on a shared folder so that only members of the 'Finance' group can read and write to it. All existing permissions should be removed. Which command should the administrator use?

Question 43mediummulti select
Read the full Security Operations and Administration explanation →

A security administrator is implementing a change management process. Which TWO of the following are essential components of a change management policy? (Choose two.)

Question 44easymulti select
Read the full Security Operations and Administration explanation →

A security operations team is developing an incident response plan. Which TWO steps are part of the 'containment, eradication, and recovery' phase? (Choose two.)

Question 45hardmulti select
Read the full Security Operations and Administration explanation →

A security administrator is tasked with managing user access. Which THREE of the following are principles of least privilege? (Choose three.)

Question 46hardmultiple choice
Read the full Security Operations and Administration explanation →

Refer to the exhibit. A security analyst reviews the log and determines that the system was under a brute force attack. However, the analyst notices that the attack stopped after 5 minutes, and the IP address was not blocked. Which of the following is the MOST likely reason the attack stopped?

Exhibit

Jan 15 08:30:00 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Jan 15 08:30:05 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Jan 15 08:30:10 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
... (repeated 50 times in 5 minutes)
Jan 15 08:35:00 server sshd[1234]: Connection closed by 192.168.1.100 port 22
Question 47hardmultiple choice
Read the full Security Operations and Administration explanation →

Refer to the exhibit. A security analyst reviews these iptables rules and expects SSH access to be blocked, but it is still allowed. What is the MOST likely reason?

Network Topology
ACCEPT tcp0.0.0.0/0 203.0.113.5 tcp dpt:22DROP tcpChain INPUT (policy ACCEPT)target prot opt source destination
Question 48easymultiple choice
Read the full Security Operations and Administration explanation →

Refer to the exhibit. A security administrator notices repeated events with the same failure reason for the Administrator account. What is the MOST likely type of attack?

Exhibit

Event ID 4625: An account failed to log on.
Logon Type: 10
Account Name: Administrator
Source Network Address: 192.168.1.200
Failure Reason: Unknown user name or bad password.
Question 49easymultiple choice
Read the full Security Operations and Administration explanation →

A system administrator needs to grant a temporary contractor access to a specific shared folder for two weeks. Which access control approach is most appropriate?

Question 50mediummultiple choice
Read the full Security Operations and Administration explanation →

An organization's help desk receives multiple reports of employees unable to access a critical internal application. The IT team confirms the application server is running. What is the FIRST step in the incident response process?

Question 51hardmultiple choice
Read the full Security Operations and Administration explanation →

A security administrator is implementing change management for a critical financial system. Which of the following is the MOST important control to prevent unauthorized changes?

Question 52mediummultiple choice
Read the full Security Operations and Administration explanation →

An IT auditor reports that firewall logs are not being reviewed regularly. Which control should be implemented to address this finding?

Question 53easymultiple choice
Read the full Security Operations and Administration explanation →

A small business wants to protect its data from ransomware. Which backup strategy provides the BEST protection against an attack where the backup files are also encrypted?

Question 54hardmultiple choice
Read the full Security Operations and Administration explanation →

A company has a policy requiring segregation of duties (SoD) for financial transactions. Which scenario represents a violation of this principle?

Question 55mediummultiple choice
Read the full Security Operations and Administration explanation →

A new employee needs access to the CRM, email, and file servers. The security policy requires that access privileges are granted based on job function. Which process should be used?

Question 56easymultiple choice
Read the full Security Operations and Administration explanation →

An organization wants to prevent unauthorized persons from entering a secure server room. Which control is the MOST effective?

Question 57hardmultiple choice
Read the full Security Operations and Administration explanation →

A security awareness program is being developed. Which topic is MOST critical for all employees to understand to reduce the risk of social engineering?

Question 58mediummulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are types of intrusion detection systems (IDS) based on the detection method?

Question 59hardmulti select
Read the full Security Operations and Administration explanation →

Which THREE of the following are key objectives of data classification?

Question 60mediummulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are essential components of a disaster recovery plan (DRP)?

Question 61mediummultiple choice
Read the full Security Operations and Administration explanation →

An analyst runs the netstat command on a web server. Based on the output, which connection is the MOST suspicious?

Exhibit

Refer to the exhibit.
netstat -an | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 10.0.1.25:80 192.168.1.10:54321 ESTABLISHED
tcp 0 0 10.0.1.25:80 10.0.2.50:44350 ESTABLISHED
tcp 0 0 10.0.1.25:80 203.0.113.5:8080 ESTABLISHED
Question 62hardmultiple choice
Read the full Security Operations and Administration explanation →

An analyst reviews a Windows security log. Given the event, what is the MOST likely cause of the lockout?

Exhibit

Refer to the exhibit.
Security event log excerpt:
Event ID: 4625 (Account logon failure)
Account Name: jdoe
Failure Reason: Account locked out
Logon Type: 10 (RemoteInteractive)
Source Network Address: 10.0.1.100
Workstation: WS-102
Timestamp: 2023-06-15 14:23:45
Question 63easymultiple choice
Read the full Security Operations and Administration explanation →

A network administrator implements the firewall rules above. What is the effect of this rulebase?

Exhibit

Refer to the exhibit.
Extracted from firewall rulebase:
Rule 1: permit src any dst any port 80 (http)
Rule 2: permit src any dst any port 443 (https)
Rule 3: deny src 10.0.0.0/8 dst any
Question 64mediummultiple choice
Read the full Security Operations and Administration explanation →

A system administrator notices that a user's account has been locked out multiple times within an hour. The admin reviews the logs and finds repeated failed login attempts from an unusual IP address. What is the BEST immediate action to mitigate further risk?

Question 65hardmultiple choice
Read the full Security Operations and Administration explanation →

An organization is migrating from on-premises servers to a cloud IaaS model. The security team must ensure that virtual machine (VM) images are hardened before deployment. Which of the following is the MOST effective control to ensure consistency and compliance with security baselines?

Question 66easymultiple choice
Read the full Security Operations and Administration explanation →

A security analyst is reviewing the access control policy and notices that some users have been granted 'write' access to a directory that contains sensitive financial reports. Which principle of information security is being violated?

Question 67mediummultiple choice
Read the full Security Operations and Administration explanation →

A company's security policy requires that employees must change their passwords every 60 days. However, help desk tickets show that many users are locked out after forgetting their new passwords. Which of the following would BEST balance security and usability?

Question 68mediummulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are essential steps in a security incident response process according to the SSCP common body of knowledge? (Select the two best answers.)

Question 69hardmulti select
Read the full Security Operations and Administration explanation →

Which THREE of the following are valid methods for enforcing separation of duties in an IT environment? (Select the three best answers.)

Question 70easymulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are key components of a data classification policy? (Select the two best answers.)

Question 71easymultiple choice
Read the full Security Operations and Administration explanation →

A small business has 50 employees and uses a cloud-based email service. The IT manager receives a report that several employees have been receiving phishing emails that appear to come from the company's CEO. The emails request that employees purchase gift cards and send the codes urgently. Two employees have already complied, losing $500 total. The manager wants to prevent this from recurring. The company has a limited budget and no dedicated security staff. Which of the following actions should the manager take FIRST?

Question 72mediummultiple choice
Open the full VLAN trunking answer →

A hospital's IT department manages a network with hundreds of medical devices, including patient monitors and infusion pumps, all connected to a separate VLAN. The security team has identified that several devices are running outdated firmware with known vulnerabilities. The vendor has not released patches for these legacy devices. The hospital cannot replace them immediately due to budget constraints. The network team proposes moving the devices to a more restrictive firewall zone and implementing intrusion detection. Which of the following additional controls should be implemented to BEST reduce the risk of a breach exploiting these devices?

Question 73hardmultiple choice
Read the full Security Operations and Administration explanation →

A financial firm is implementing a new access control system for its critical trading application. The application currently uses local accounts and password authentication. The security team wants to enforce multi-factor authentication (MFA) and centralized user management. The firm has an existing Active Directory (AD) infrastructure and a certificate authority (CA). However, the trading application only supports smart card authentication via PKI and does not support integration with AD directly. The IT team must design a solution that meets security requirements while minimizing changes to the application. Which approach should the team take?

Question 74easymultiple choice
Read the full Security Operations and Administration explanation →

A university's IT department manages a network used by students and faculty. The security team notices an unusual increase in outbound traffic from the student dormitory network during late hours. Upon investigation, they discover that several student laptops are infected with malware that is attempting to connect to external command-and-control (C2) servers. The team needs to contain the incident quickly while minimizing impact on legitimate users. Which of the following is the BEST immediate containment measure?

Question 75mediummultiple choice
Read the full Security Operations and Administration explanation →

A government contractor is required to comply with the Federal Information Security Management Act (FISMA). The security officer must implement a continuous monitoring program for all information systems. The contractor uses a mix of on-premises servers and cloud services. The contractor has a SIEM tool that collects logs from all systems. However, the SIEM generates a high number of alerts, many of which are false positives, overwhelming the security team. The team wants to improve the effectiveness of the monitoring program without increasing staff. Which of the following actions would MOST effectively address the issue?

Question 76hardmultiple choice
Read the full Security Operations and Administration explanation →

A large e-commerce company has a disaster recovery (DR) plan that requires Recovery Time Objective (RTO) of 4 hours and Recovery Point Objective (RPO) of 1 hour for its customer database. The database runs on a clustered SQL server with synchronous replication to a standby server in a different data center. During a recent test, the IT team found that failover took 3 hours, but due to a replication lag of 45 minutes, some transactions were lost. The team needs to meet both RTO and RPO. Which of the following changes should the team implement FIRST?

Question 77mediummulti select
Read the full Security Operations and Administration explanation →

Which TWO of the following are key components of a security awareness program?

Question 78hardmultiple choice
Read the full Security Operations and Administration explanation →

What does this log entry most likely indicate?

Exhibit

Refer to the exhibit.

May 12 14:32:18 server sshd[1234]: Failed password for invalid user admin from 192.168.1.10 port 22 ssh2
Question 79easymultiple choice
Read the full Security Operations and Administration explanation →

A company has 200 employees using a Windows Active Directory environment. The security administrator receives multiple alerts that user accounts are being locked out every 15 minutes. The help desk confirms that users who report the issue are able to log in successfully after unlocking their accounts, but they get locked out again shortly after. The administrator checks the domain controller security logs and sees many failed logon attempts with a specific service account name 'svc_backup' from multiple workstations. The svc_backup account is used for a backup application that runs scheduled tasks. What should the administrator do to resolve the issue?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

SSCP Practice Test 1 — 10 Questions→SSCP Practice Test 2 — 10 Questions→SSCP Practice Test 3 — 10 Questions→SSCP Practice Test 4 — 10 Questions→SSCP Practice Test 5 — 10 Questions→SSCP Practice Exam 1 — 20 Questions→SSCP Practice Exam 2 — 20 Questions→SSCP Practice Exam 3 — 20 Questions→SSCP Practice Exam 4 — 20 Questions→Free SSCP Practice Test 1 — 30 Questions→Free SSCP Practice Test 2 — 30 Questions→Free SSCP Practice Test 3 — 30 Questions→SSCP Practice Questions 1 — 50 Questions→SSCP Practice Questions 2 — 50 Questions→SSCP Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Risk Identification, Monitoring and AnalysisNetwork and Communications SecuritySystems and Application SecuritySecurity Operations and AdministrationIncident Response and RecoveryAccess ControlsCryptography

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Security Operations and Administration setsAll Security Operations and Administration questionsSSCP Practice Hub