Scenario-based practice

Troubleshooting Scenario Questions

Practise ISC2 Certified in Cybersecurity (CC) questions: original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

11 scenario questions. Exam code: CC. Vendor: ISC2.

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (hard, multiple choice)

Refer to the exhibit. An IDS generates this alert for traffic from an internal server (10.1.1.50) to an external IP on port 443. The security team investigates and finds that the server is a web application that normally uses TLS 1.2. What does this alert most likely indicate?

Exhibit

[IDS Alert Log]
Timestamp: 2024-03-15 10:23:45
Signature: ET POLICY Outgoing SSLv3 Handshake (Possible SSL Stripping)
Source IP: 10.1.1.50
Destination IP: 203.0.113.10
Protocol: TCP
Port: 443
Payload: [Hex dump of ClientHello with version 3.0]

Question 2 (hard, multiple choice)

A security analyst investigates a possible data exfiltration. The analyst sees a large amount of data being sent to an external IP address at regular intervals. Which of the following is the most likely technique being used?

Question 3 (hard, multiple choice)

During a disaster recovery exercise, the system fails to achieve the RTO. Analysis shows that restoring the database from tape takes 3 hours, but the RTO is 2 hours. Which is the most effective solution?

Question 4 (hard, multiple choice)

Refer to the exhibit. A security analyst runs the above iptables command on a Linux server. The server is configured with a default policy of DROP on the INPUT chain. Users report they can SSH to the server but cannot ping it. What is the most likely reason?

Network Topology
iptables -L -n -v
0   0     ACCEPT  all   lo    *  0.0.0.0/0
10  840   ACCEPT  tcp
5   300   ACCEPT  tcp
0   0     ACCEPT  icmp
50  3200  DROP    all   eth0  *  0.0.0.0/0

Question 5 (easy, multiple choice)

A network administrator is troubleshooting a connectivity issue between two segments separated by a firewall. The firewall rule allows traffic from 10.1.1.0/24 to 10.2.2.0/24 on TCP 443. Users in 10.1.1.0/24 can access the web server at 10.2.2.10, but users in 10.2.2.0/24 cannot access a web server in 10.1.1.0/24. What is the most likely cause?

Question 6 (medium, multiple choice)

A user reports that they are unable to access a shared network drive that they previously could access. The administrator checks permissions and finds the user's account is still a member of the correct group. What should the administrator check next?

Question 7 (hard, multiple choice)

A company uses a stateful firewall. A user reports that an application requiring multiple dynamic ports is not working. The firewall logs show that packets from the server are being dropped. What is the most likely cause?

Question 8 (easy, multiple choice)

During a disaster recovery test, the team discovers that the backup generator fails to start. What is the BEST immediate action?

Question 9 (hard, multi select)

A security analyst is troubleshooting an access control issue where a user cannot access a file even though they seem to have the correct permissions. Which three of the following should the analyst investigate? (Select THREE)

Question 10 (hard, multiple choice)

Refer to the exhibit. A user from the Auditors group is unable to access the folder. What is the most likely cause?

Exhibit

icacls C:\Projects\Financial
C:\Projects\Financial CONTOSO\Accounting:(R,W)
                      CONTOSO\Auditors:(R)
                      CONTOSO\Management:(F)
                      CONTOSO\Auditors:(DENY)(R)

Question 11 (easy, multiple choice)

A network technician is setting up a remote access VPN for employees using IPsec. The company's firewall is configured to allow IPsec traffic. Employees report that they can successfully establish the VPN connection (tunnel appears up), but they cannot ping or access any internal resources (e.g., file servers). The firewall logs show that packets from the VPN client IP addresses are being dropped at the firewall interface. Which of the following is the MOST likely cause of this issue?

These CC practice questions are part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style CC questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.