
SSCP Systems and Application Security • Complete Question Bank

SSCP Systems and Application Security — All Questions With Answers

Complete SSCP Systems and Application Security question bank — all 0 questions with answers and detailed explanations.

76 Questions • Free • No signup

Question 1 • medium • multiple choice

A security analyst notices that a web application is vulnerable to SQL injection. The application uses parameterized queries for most inputs but concatenates user input directly into a query for a legacy module. Which is the BEST immediate remediation?

Question 2 • hard • multiple choice

An organization is implementing a jump server architecture for managing critical servers. Which additional control BEST reduces the risk of lateral movement if the jump server is compromised?

Question 3 • easy • multiple choice

A company is deploying a new mobile application that handles sensitive customer data. Which practice BEST ensures data confidentiality on the device?

Question 4 • hard • multiple choice

During a penetration test, an attacker was able to bypass input validation and execute commands on a web server. The server runs a PHP application. Which of the following is the MOST likely root cause?

Question 5 • medium • multiple choice

A system administrator needs to ensure that a Linux server is hardened against common attacks. Which configuration change is MOST effective in preventing privilege escalation via SUID binaries?

Question 6 • easy • multiple choice

A company is migrating its on-premises applications to a public cloud. Which security control is MOST important to implement to protect data in transit?

Question 7 • hard • multiple choice

A security analyst reviews logs and finds that an attacker exploited a vulnerability in a web application to read arbitrary files from the server. The application runs on Apache with mod_php. Which of the following is the MOST likely vulnerability?

Question 8 • medium • multiple choice

An organization is implementing a secure software development lifecycle (SDLC). Which activity should be performed during the design phase to minimize security flaws?

Question 9 • medium • multi select

Which TWO of the following are effective controls to prevent buffer overflow attacks? (Choose two.)

Question 10 • hard • multi select

Which THREE of the following are common indicators of a cross-site scripting (XSS) attack? (Choose three.)

Question 11 • easy • multi select

Which TWO of the following are best practices for securing a wireless network? (Choose two.)

Question 12 • medium • multi select

Which THREE of the following are valid methods for authenticating users in a web application? (Choose three.)

Question 13 • easy • multiple choice

Refer to the exhibit. A web server at 10.0.0.50 received the payload shown. What is the MOST likely impact if the web application is vulnerable?

Exhibit

```
[IDS Alert]
Timestamp: 2023-10-05 14:23:45
Signature: ET WEB_SERVER Possible SQL Injection Attempt
Source IP: 192.168.1.100
Destination IP: 10.0.0.50
Payload: ' OR '1'='1' --
```

Question 14 • medium • multiple choice

Refer to the exhibit. A security analyst observes this event on a workstation. What is the MOST likely explanation?

Exhibit

```
[Windows Security Log]
Event ID: 4688
Process Name: C:\Windows\System32\cmd.exe
Command Line: cmd.exe /c "echo %USERNAME% && whoami"
Parent Process: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
```

Question 15 • medium • drag order

Drag and drop the steps for conducting a security incident response under the NIST framework into the correct order.

Question 16 • medium • drag order

Drag and drop the steps for setting up a certificate authority (CA) in Windows Server into the correct order.

Question 17 • medium • matching

Match each cryptography term to its definition.

Matches

Same key for encryption and decryption

Key pair: public and private

One-way function producing fixed output

Ensures authenticity and non-repudiation

Question 18 • medium • matching

Match each security control to its type (administrative, technical, physical).

Matches

Administrative

Technical

Physical

Technical

Question 19 • medium • multiple choice

A software development team is implementing input validation for a web application that accepts user email addresses. Which approach BEST prevents email injection attacks?

Question 20 • easy • multiple choice

An organization wants to protect endpoints from ransomware that encrypts files and demands payment. Which control should be implemented FIRST?

Question 21 • hard • multiple choice

A company runs containerized applications in a Kubernetes cluster. They need to ensure that containers run with the least privilege and cannot escalate privileges. Which configuration change is MOST effective?

Question 22 • medium • multiple choice

A database administrator notices unusual queries that seem to be trying to extract data via SQL injection. The application uses parameterized queries for most queries, but some dynamic queries are built using string concatenation. What is the BEST remediation?

Question 23 • easy • multiple choice

An IT administrator needs to ensure that all workstations receive security patches in a timely manner. Which process is MOST effective for this?

Question 24 • hard • multiple choice

A company uses a Cloud Workload Protection Platform (CWPP) to secure IaaS workloads. They discover that a virtual machine (VM) is communicating with a known command-and-control server. What is the FIRST action the security team should take?

Question 25 • medium • multiple choice

An organization allows employees to use personal smartphones to access corporate email and data. Which control is MOST important to protect corporate data if a device is lost or stolen?

Question 26 • easy • multiple choice

A small business needs basic protection against malware. Which solution is MOST cost-effective and provides real-time protection?

Question 27 • hard • multiple choice

A DevOps team implements a CI/CD pipeline for a web application. Which security control is BEST to ensure that only properly reviewed code reaches production?

Question 28 • medium • multi select

Which TWO of the following are essential components of a secure configuration baseline for a new server deployment?

Question 29 • hard • multi select

Which THREE of the following are types of application security testing that should be included in a secure SDLC?

Question 30 • easy • multi select

Which THREE of the following are data loss prevention (DLP) controls that can be implemented to protect sensitive data?

Question 31 • medium • multiple choice

Refer to the exhibit. A security analyst reviews the firewall configuration for a Windows workstation on a private network. What is the MOST significant weakness?

Exhibit

```
netsh advfirewall show currentprofile

Profile  : Private
State    : On
Inbound connections : Block (default)
Outbound connections: Allow (default)

Firewall Rules:
Rule Name                            Action   Enabled
------------------------------------ -------- -------
File and Printer Sharing (Echo Req)  Allow    No
Remote Desktop (TCP-In)               Allow    No
RDP (UDP-In)                          Block    Yes
```

Question 32 • hard • multiple choice

Refer to the exhibit. A web server log shows two requests from the same IP. What type of attack is being attempted, and which mitigation is MOST effective?

Exhibit

```
192.168.1.10 - - [05/Mar/2025:13:45:12 +0000] "GET /products?id=1' OR '1'='1 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.168.1.10 - - [05/Mar/2025:13:45:15 +0000] "GET /products?id=1; DROP TABLE Users;-- HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
```

Question 33 • easy • multiple choice

Refer to the exhibit. An AWS S3 bucket policy is defined as shown. Which statement about this policy is TRUE?

Exhibit

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::company-public/*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::company-private/*"
    }
  ]
}
```

Question 34 • easy • multiple choice

A company wants to prevent unauthorized applications from running on employee workstations. Which of the following is the most effective control?

Question 35 • medium • multiple choice

A web application processes user-supplied data in SQL queries. Which practice best prevents SQL injection?

Question 36 • hard • multiple choice

An organization experiences malware that injects code into legitimate processes. Which security feature should be enabled to prevent code execution in memory pages?

Question 37 • easy • multiple choice

A critical vulnerability is discovered in an application currently in use. What should be done first?

Question 38 • medium • multiple choice

A company uses virtual machines for development. To ensure isolation between VMs on the same host, which control is most important?

Question 39 • hard • multiple choice

A BYOD policy allows personal devices to access corporate email. What is the best control to enforce device encryption and remote wipe?

Question 40 • easy • multiple choice

An employee receives an email with an attachment claiming to be an invoice but contains a macro virus. What control would have blocked this?

Question 41 • medium • multiple choice

An organization uses AWS IAM to manage access. Which best practice ensures least privilege?

Question 42 • hard • multiple choice

During a code review, you discover that an application stores passwords in plaintext. What is the most secure remediation?

Question 43 • medium • multiple choice

Refer to the exhibit. A security analyst reviews a Windows Security event log entry showing multiple logon failures for user 'admin' from IP 10.0.0.100 within 5 minutes. What type of attack is most likely occurring?

Exhibit

```
Event ID 4625: An account failed to log on. Subject: Account Name: admin, Logon Type: 3, Source Network Address: 10.0.0.100, Workstation Name: WS-001. Failure Reason: Unknown user name or bad password. Count: 15 in 5 minutes.
```

Question 44 • hard • multiple choice

Refer to the exhibit. A firewall log shows repeated outbound connection attempts from an internal workstation (192.168.1.50) to an external IP (203.0.113.50) on TCP port 445. What is the most likely cause?

Exhibit

```
2025-04-10 14:23:45 DENY TCP 192.168.1.50:49152 -> 203.0.113.50:445 SYN_SENT OUTBOUND
```

Question 45 • easy • multiple choice

Refer to the exhibit. An IAM policy includes the following statement: 'Effect': 'Allow', 'Action': ['s3:ListBucket','s3:GetObject'], 'Resource': 'arn:aws:s3:::example-bucket/*'. What does this policy allow?

Exhibit

```json
{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Effect":"Allow",
      "Action":["s3:ListBucket","s3:GetObject"],
      "Resource":"arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

Question 46 • medium • multi select

A system administrator is hardening a Windows server. Which two of the following are effective hardening measures? (Choose two.)

Question 47 • hard • multi select

Which three of the following are best practices for securing a database? (Choose three.)

Question 48 • easy • multi select

Which two of the following measures ensure the integrity of backup data? (Choose two.)

Question 49 • medium • multiple choice

A security administrator discovers that a web application is vulnerable to SQL injection. Which of the following is the most effective mitigation to implement at the application layer?

Question 50 • hard • multiple choice

During a security audit, an analyst finds that a server's audit log shows repeated failed login attempts from a single IP, followed by a successful login from the same IP five minutes later. What is the most likely type of attack that occurred?

Question 51 • easy • multiple choice

A company is implementing a new file-sharing application for employees. Which of the following is the most important security control to prevent unauthorized access to shared files?

Question 52 • hard • multiple choice

A security engineer needs to select a hashing algorithm for storing user passwords in a database. Which of the following is the most secure choice?

Question 53 • medium • multiple choice

A company deploys a new web application and wants to ensure that session tokens are not vulnerable to session hijacking. Which of the following controls is most effective?

Question 54 • easy • multiple choice

An organization is migrating its on-premises applications to a cloud provider. Which of the following security controls should be implemented to protect data at rest in the cloud?

Question 55 • hard • multiple choice

A security analyst is reviewing a script that performs automated backups. The script uses a hardcoded password to connect to the database. What is the most secure alternative?

Question 56 • medium • multiple choice

A developer wants to ensure that a web application is protected against cross-site request forgery (CSRF). Which mitigation technique is most commonly recommended?

Question 57 • easy • multiple choice

An organization requires that all laptops used by employees be encrypted. Which type of encryption should be used to protect the entire hard drive?

Question 58 • hard • multi select

Which TWO of the following are effective measures to prevent buffer overflow attacks in software development?

Question 59 • easy • multi select

Which THREE of the following are common types of malware?

Question 60 • medium • multi select

Which TWO of the following are best practices for securing an application programming interface (API)?

Question 61 • medium • multiple choice

A company deploys a web application that processes credit card payments. The development team uses parameterized queries for all database interactions. However, during a penetration test, the tester successfully injects malicious code into a search field and retrieves sensitive customer data. Which of the following is the most likely cause?

Question 62 • hard • multiple choice

An organization uses a cloud-based file synchronization service to share project files with external partners. The security team discovers that an unauthorized third party accessed sensitive documents by guessing weak passwords. Which additional control would most effectively mitigate this risk?

Question 63 • easy • multiple choice

A help desk technician receives multiple reports that users cannot access a critical web application. The application's error log shows repeated '403 Forbidden' errors. Which of the following is the most likely cause?

Question 64 • medium • multiple choice

A security analyst needs to ensure that a legacy application running on an unsupported operating system remains secure until it can be replaced. Which strategy provides the most effective risk reduction?

Question 65 • medium • multi select

Which TWO of the following are effective measures to prevent cross-site scripting (XSS) vulnerabilities in a web application?

Question 66 • hard • multi select

Which THREE of the following are best practices for securely managing cryptographic keys in an enterprise environment?

Question 67 • easy • multi select

Which TWO of the following are common indicators of a ransomware attack?

Question 68 • hard • multiple choice

A company runs a critical web application on an internal server that authenticates users against a Microsoft SQL Server database. The application was developed by a vendor that is no longer in business, and the source code is unavailable. The current authentication process stores user passwords using reversible encryption. The security team has identified this as a high-risk vulnerability. They propose implementing a database-level trigger that hashes the password column during INSERT and UPDATE operations, and modifying the application's stored procedures to compare hashed values during login. However, after implementation, users report that they cannot log in. The authentication logs show that the password comparison always fails. The database administrator confirms that the trigger is working and that new user registrations store the SHA-256 hash. What is the most likely cause of the login failures?

Question 69 • medium • multiple choice

An organization uses a central syslog server to collect logs from firewalls, servers, and network devices. Recently, the security team noticed that some critical events from the firewall are missing from the syslog server. The firewall configuration sends syslog messages using UDP to the syslog server. The syslog server administrator reports that the server is receiving a high volume of logs and occasionally drops packets due to buffer overflow. The team needs to ensure reliable delivery of all syslog messages without losing any. Which solution should the team implement?

Question 70 • easy • multiple choice

A small business uses a single Windows Server 2016 machine that also acts as a domain controller, file server, and runs a custom application for inventory management. The server recently exhibited slow performance and frequent crashes. The system administrator runs antivirus and finds no malware. The event log shows several 'Event ID 7000' errors from the Service Control Manager, indicating certain services failed to start. The administrator also notices that the server has not been restarted in 180 days and has several pending updates. What is the most likely cause of the performance issues?

Question 71 • medium • multiple choice

A healthcare organization uses an electronic health records (EHR) system that stores patient data in a relational database. The system is accessed by doctors and nurses via tablet devices on a wireless network. The security team has detected that some patient records were accessed outside of normal business hours from an IP address not belonging to the organization. The database logs show that the queries originated from the application server. The application logs indicate that the access was performed using a legitimate user account that had been disabled due to employee departure two weeks earlier. Which of the following is the most effective step to prevent recurrence?

Question 72 • hard • multiple choice

A financial services organization deploys a new web application that allows customers to check account balances and transfer funds. The application uses a RESTful API with JSON payloads. Shortly after deployment, the security team notices unusual traffic patterns: many requests contain excessively long JSON strings in the 'amount' field, and some of these requests return 500 Internal Server Errors. The application logs show that these requests cause high CPU usage on the application server. The developers confirm that the input validation only checks for negative numbers and characters. Which type of attack is most likely occurring, and what is the best immediate mitigation?

Question 73 • easy • multiple choice

A university IT department manages a lab of 50 computers running Windows 10 that are used by students for coursework. The computers are joined to a domain and have Group Policy applied to restrict administrative access. Recently, several students were able to install unauthorized software by using the built-in Administrator account, which had the same password on all lab computers. The IT department wants to prevent this without affecting the students' ability to run required academic software. Which of the following is the most effective solution?

Question 74 • easy • multi select

Which TWO of the following are effective measures to prevent buffer overflow attacks in a custom-developed application?

Question 75 • medium • multiple choice

Refer to the exhibit. A security administrator is troubleshooting connectivity to a web server. Users report they can access the website via HTTP and HTTPS, but cannot establish new SSH connections. Which of the following best explains this issue?

Network Topology

```
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
DROP tcp
```

Question 76 • hard • multiple choice

A medium-sized financial services company has recently deployed a new web application that processes sensitive customer data, including Social Security numbers and account balances. The security team implemented network segmentation, a web application firewall (WAF) from a reputable vendor, and quarterly vulnerability scans. The developers assert that they use parameterized queries for all database calls in the main application code. During a recent penetration test, testers successfully exploited a SQL injection vulnerability, extracting the entire customer database. Further investigation reveals that the main application indeed uses parameterized queries, but a third-party reporting module, integrated to generate compliance reports, constructs SQL queries by concatenating user-supplied date range inputs directly into SQL strings. The WAF is configured with a generic rule set and has not been tuned to the application's specific traffic patterns. What is the most effective course of action to remediate this vulnerability and prevent future occurrences?
