
Scenario practice questions

Practise ISC2 Certified in Cybersecurity (CC) Scenario questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A security analyst discovers that a user's account has been used to access sensitive data outside of normal business hours from an unfamiliar IP address. The user claims they were not logged in at that time. Which security operations process should be initiated first?

Question 2 · medium · multiple choice

A company is implementing an access control system to protect sensitive data. Employees in the finance department must access financial records, but only during business hours and from company-issued devices. Which access control model best supports these requirements?

Question 3 · easy · multiple choice

A security administrator notices that an employee is able to access files in a project folder they should not have access to. Which security principle is being violated?

Question 4 · hard · multiple choice

An organization is implementing a new identity management system. They want to ensure that users can only access resources necessary for their job roles. Which principle should guide the access control design?

Question 5 · medium · multiple choice

A company is designing a new authentication system for remote employees. They want to ensure that if one authentication factor is compromised, the system remains secure. Which security principle should they apply?

Question 6 · hard · multiple choice

During a security audit, it is found that a database administrator can access payroll data. The company policy states that administrators should not have access to sensitive HR data. Which security principle is being violated?

Question 7 · medium · multiple choice

A security engineer is configuring a firewall to allow web traffic but block all other inbound connections. The firewall is set to deny all traffic by default and only allow specific ports. Which security principle is being applied?

Question 8 · medium · multiple choice

Based on the backup schedule, what is the maximum potential data loss?

Exhibit

Refer to the exhibit.

---
Backup Configuration (extract):
- Full backup: Every Sunday at 01:00
- Differential backup: Monday-Saturday at 01:00
- Retention: 30 days
---
A server fails on Wednesday at 10:00. The administrator restores from the most recent full backup and applies the latest differential backup. How much data loss is expected?

Question 9 · medium · multiple choice

A security architect is designing access controls for a new application. The requirement is that only managers can approve expense reports above $10,000. Which control model best fits this requirement?

Question 10 · easy · multiple choice

A security analyst notices that a user's account has been used to access sensitive files outside of normal working hours from an unknown IP address. Which security principle is most directly violated?

Question 11 · medium · multi select

Which TWO scenarios best illustrate the principle of least privilege?

Question 12 · medium · multiple choice

A system administrator notices that a user has been granted read and write permissions to a folder but should only have read access. Which type of access control issue does this represent?

Question 13 · easy · multiple choice

A company's primary data center is located in a region prone to hurricanes. The IT team is designing a disaster recovery plan to ensure critical applications resume within 4 hours of a declared disaster. Which of the following is the MOST appropriate recovery strategy?

Question 14 · easy · multiple choice

A helpdesk technician receives a report that a user in the finance department cannot access a shared folder on the server. The same server is accessible from other departments. What is the most likely cause?

Question 15 · hard · multiple choice

A security operations center (SOC) analyst is investigating an alert about a user downloading a suspicious file. The analyst opens the file on a sandboxed virtual machine and observes that it attempts to modify registry keys and establish persistence. This type of analysis is known as:

Question 16 · medium · multiple choice

A government agency uses a multi-level security system with mandatory access control (MAC). A user with Secret clearance attempts to write data to a file classified as Confidential. Under the Bell-LaPadula model, which rule applies and what is the outcome?

Question 17 · easy · multiple choice

A small business has a single server that hosts critical applications. The server's hard drive fails, and the most recent backup is 3 days old. The backup is stored on an external drive that is kept in the same room as the server. The server is also the domain controller and file server. After replacing the drive and restoring from backup, the IT administrator discovers that some user files are missing because they were created after the backup. The administrator needs to minimize data loss in the future. Which of the following should be implemented?

Question 18 · medium · multiple choice

A company implements a policy where a financial transaction must be initiated by one employee and approved by a different employee. This is an example of which access control concept?

Question 19 · hard · multiple choice

During a tabletop exercise for a data center outage, the IT manager realizes that the disaster recovery plan does not specify how to failover the database cluster. The primary data center fails completely. The standby site has a replica of the database, but the application team cannot promote it because they lack the necessary privileges. What is the most likely cause of this gap?

Question 20 · hard · multiple choice

A security analyst is reviewing logs and finds that a user accessed files outside of their department. The user claims it was necessary for a project. Which principle should the analyst use to assess whether this was appropriate?

Frequently asked questions

What does the CC exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other CC topics?
Use the topic links above to move to related areas, or go back to the CC question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CC exam covers. They are not copied from any real exam or dump site.