
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


SSCP Security Operations and Administration • Complete Question Bank

SSCP Security Operations and Administration — All Questions With Answers

Complete SSCP Security Operations and Administration question bank — all 0 questions with answers and detailed explanations.

74 questions • Free • No signup
Question 1 • easy • multiple choice

A company wants to ensure that employees understand the proper use of corporate email and internet. Which policy should they implement?

Question 2 • medium • multiple choice

During a security audit, it is found that several employees have written their passwords on sticky notes attached to their monitors. Which policy is being violated?

Question 3 • easy • multiple choice

A security awareness training program is being developed. Which topic is most important to include to reduce the risk of credential theft?

Question 4 • medium • multiple choice

A security metric shows that patch compliance is at 85%. The goal is 95%. Which action should be taken first?

Question 5 • hard • multiple choice

A change request to update a critical database server has been approved by the Change Advisory Board (CAB). During testing, a major compatibility issue is discovered. What is the best course of action?

Question 6 • medium • multiple choice

A security administrator needs to ensure that all servers are configured with a hardened baseline. Which tool is best suited to detect deviations from the baseline configuration?

Question 7 • medium • multiple choice

A company wants to track all hardware assets including serial numbers and locations. What is the primary repository for this information?

Question 8 • hard • multiple choice

An organization uses a mantrap at its main entrance. An employee badges in, enters the first door, but then the second door fails to open. What should the employee do?

Question 9 • easy • multiple choice

Which backup type copies all data that has changed since the last full backup, regardless of subsequent backups?

Question 10 • medium • multiple choice

A company has a Recovery Time Objective (RTO) of 4 hours for its critical database. Which backup strategy best supports this RTO?

Question 11 • hard • multiple choice

A critical vulnerability with a CVSS score of 9.8 is discovered in a web server that cannot be patched due to vendor dependency. What is the best compensating control?

Question 12 • easy • multiple choice

Which of the following is a key principle of the 3-2-1 backup rule?

Question 13 • medium • multiple choice

A security administrator receives an alert from the SIEM indicating a configuration change on a critical server. The change was not part of any approved change request. What should be the first step?

Question 14 • medium • multiple choice

A company is implementing a new access control system for its data center. Which physical security control is best for preventing tailgating?

Question 15 • hard • multiple choice

A patch management process is being audited. Which finding indicates a critical gap in the process?

Question 16 • medium • multi select

A security administrator is selecting security metrics for the organization. Which TWO metrics are most useful for measuring the effectiveness of patching? (Select TWO)

Question 17 • medium • multi select

A company is implementing a change management process. Which THREE elements are essential for every change request? (Select THREE)

Question 18 • hard • multi select

An organization is enhancing its backup strategy. According to the 3-2-1 rule, which THREE characteristics must the backup strategy include? (Select THREE)

Question 19 • easy • multi select

A security administrator is designing physical security for a high-security area. Which TWO controls are most effective for preventing unauthorized entry? (Select TWO)

Question 20 • hard • multi select

During a post-implementation review of a recent change, it is found that the change introduced a security vulnerability. What TWO actions should be taken? (Select TWO)

Question 21 • easy • multiple choice

A security administrator is drafting an acceptable use policy (AUP). Which of the following should be included to address the use of personal devices for work purposes?

Question 22 • medium • multiple choice

During a change management process, the Change Advisory Board (CAB) has approved a change to update a critical database server. After implementation, a rollback is necessary due to unforeseen performance issues. What should the change manager do next?

Question 23 • hard • multiple choice

An organization is implementing configuration management and wants to detect unauthorized changes to server configurations. Which of the following tools would be most effective for this purpose?

Question 24 • medium • multiple choice

A security analyst notices an alert indicating that a user's workstation has been connected to an unauthorized external device. Which physical security control would best help prevent such incidents?

Question 25 • easy • multiple choice

Which of the following backup methods copies all data that has changed since the last full backup, regardless of any intermediate backups?

Question 26 • medium • multiple choice

During a security awareness training session, an employee asks how to identify a phishing email. Which of the following is the most reliable indicator of a phishing attempt?

Question 27 • hard • multiple choice

A company is implementing a new patch management process. After scanning for missing patches, the team must prioritize which patches to apply first. Which combination of factors is most critical for prioritization?

Question 28 • easy • multiple choice

Which of the following is the primary purpose of a configuration management database (CMDB)?

Question 29 • medium • multiple choice

A security administrator is evaluating backup strategies for a critical database with a recovery time objective (RTO) of 4 hours and a recovery point objective (RPO) of 1 hour. Which backup approach best meets these requirements?

Question 30 • hard • multiple choice

An organization wants to ensure that all new servers are deployed with a hardened baseline configuration. Which of the following is the most effective control to enforce this?

Question 31 • medium • multiple choice

A security metric tracking the percentage of systems with critical patches applied within 48 hours is an example of which type of metric?

Question 32 • easy • multiple choice

Which of the following is the correct order of steps in the change management process?

Question 33 • medium • multiple choice

A security administrator needs to dispose of hard drives that contain sensitive data. Which method provides the highest assurance that data cannot be recovered?

Question 34 • medium • multiple choice

An organization's security policy requires that all portable media containing sensitive data be encrypted. Which type of control does this requirement represent?

Question 35 • hard • multiple choice

A company's backup strategy uses a full backup on Sundays and differential backups on other days. On Thursday, the storage system fails. How many backups are required to restore the data?

Question 36 • medium • multi select

Which TWO of the following are key components of the 3-2-1 backup rule?

Question 37 • hard • multi select

A security administrator is implementing physical security for a data center. Which THREE of the following controls should be included to provide layered security?

Question 38 • easy • multi select

Which THREE of the following are examples of security awareness training topics?

Question 39 • medium • multi select

An organization is implementing a software inventory management process. Which TWO of the following should be tracked for each software asset?

Question 40 • medium • multi select

Which TWO of the following are valid reasons to deny a change request during the CAB approval process?

Question 41 • easy • multiple choice

A security administrator is implementing a policy that requires all employees to use a password manager and enable multi-factor authentication. This policy is BEST described as a:

Question 42 • medium • multiple choice

During a security awareness training session, an employee reports receiving an email that appears to be from the CEO requesting an urgent wire transfer. The email has a suspicious domain and poor grammar. Which type of attack is this an example of?

Question 43 • hard • multiple choice

A company has a backup policy that performs a full backup every Sunday and incremental backups on other days. On Wednesday, a server fails. How many backup sets are needed to restore the server to its state on Tuesday night?

Question 44 • easy • multiple choice

Which of the following is the PRIMARY purpose of implementing a clean desk policy?

Question 45 • medium • multiple choice

A security analyst notices multiple failed login attempts on a critical server followed by a successful login from an unusual IP address. Which metric would BEST capture this event?

Question 46 • medium • multiple choice

A change request to update a firewall rule has been submitted. After impact assessment, the change is approved by the Change Advisory Board (CAB). What is the NEXT step in the change management process?

Question 47 • hard • multiple choice

An organization wants to ensure that servers are configured securely before deployment. They plan to use a hardened operating system image and regularly scan for deviations using SCAP. Which concept does this represent?

Question 48 • easy • multiple choice

Which of the following physical security controls is designed to prevent tailgating by requiring two doors to be interlocked?

Question 49 • medium • multiple choice

A company uses a backup strategy that backs up all data every Sunday and backs up only data that has changed since the last full backup on other days. This is an example of which backup type?

Question 50 • hard • multiple choice

A vulnerability scan identifies a critical vulnerability on a web server with a CVSS score of 9.8. The server hosts a public-facing application. However, the patch would require a reboot that would cause downtime during business hours. What should the security administrator do FIRST?

Question 51 • medium • multiple choice

An employee is leaving the company. As part of the offboarding process, which action should be taken regarding the hardware assigned to the employee?

Question 52 • easy • multiple choice

Which of the following is the BEST definition of Recovery Point Objective (RPO)?

Question 53 • medium • multiple choice

A security administrator is reviewing log files and notices that a user logged in at 3:00 AM from an IP address in a foreign country. The user's manager confirms the user is not authorized for remote access. Which type of policy has likely been violated?

Question 54 • hard • multiple choice

During a post-implementation review of a change, it is discovered that the change introduced a configuration deviation from the baseline. The deviation was not detected during testing. What is the BEST way to prevent this in the future?

Question 55 • medium • multiple choice

An organization wants to ensure that sensitive data on laptops is protected in case of loss or theft. Which control is MOST effective?

Question 56 • medium • multi select

Which TWO of the following are key components of the 3-2-1 backup rule? (Select TWO)

Question 57 • hard • multi select

Which THREE of the following are valid steps in the change management process? (Select THREE)

Question 58 • easy • multi select

Which TWO of the following are examples of physical security controls? (Select TWO)

Question 59 • hard • multi select

Which THREE of the following are critical elements of a patch management policy? (Select THREE)

Question 60 • medium • multi select

Which TWO of the following are key components of a configuration management database (CMDB)? (Select TWO)

Question 61 • easy • multiple choice

An organization's security policy prohibits employees from sharing passwords. What type of policy is this?

Question 62 • medium • multiple choice

A security awareness training program aims to reduce successful phishing attacks. Which metric is most appropriate for measuring the effectiveness of this training?

Question 63 • hard • multiple choice

During a change management process, the Change Advisory Board (CAB) approves a high-risk change. What is the NEXT step according to standard change management?

Question 64 • easy • multiple choice

What is the primary purpose of a baseline configuration in configuration management?

Question 65 • medium • multiple choice

An organization uses a SIEM to alert when a server's configuration changes from its hardened baseline. This is an example of:

Question 66 • hard • multiple choice

During a physical security audit, it is discovered that employees often prop open the mantrap door to allow easier access. What is the BEST control to address this?

Question 67 • easy • multiple choice

Which backup type copies all data that has changed since the last full backup, regardless of any incremental backups?

Question 68 • medium • multiple choice

An organization needs to recover data from a backup after a ransomware attack. The backup was taken 12 hours ago, and the RPO is 4 hours. What is the impact?

Question 69 • hard • multiple choice

A security administrator is prioritizing patches for a vulnerability with a CVSS score of 9.8 that is being actively exploited in the wild. The affected server has a low criticality classification. What should the administrator do?

Question 70 • easy • multiple choice

Which physical security control is designed to prevent tailgating by allowing only one person to enter at a time?

Question 71 • medium • multiple choice

An organization's backup policy states: 'Maintain three copies of data on two different media types, with one copy stored offsite.' This is known as:

Question 72 • hard • multiple choice

After a patch is deployed to a critical server, the system becomes unstable. The change management plan includes a rollback procedure. What should be done FIRST?

Question 73 • medium • multi select

Which TWO controls are examples of physical security controls that can help prevent unauthorized access to a data center? (Select TWO.)

Question 74 • medium • multi select

A security administrator is implementing the 3-2-1 backup rule. Which THREE actions are required to comply with this rule? (Select THREE.)
