SSCP · topic practice

Scenario practice questions

Practise Systems Security Certified Practitioner (SSCP) Scenario questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
18 questions · Domain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

18 questions · select your answer, then reveal the explanation

Question 1 · hard · multiple choice

During a penetration test, an attacker was able to bypass input validation and execute commands on a web server. The server runs a PHP application. Which of the following is the MOST likely root cause?

Question 2 · easy · multiple choice

A company is migrating its on-premises applications to a public cloud. Which security control is MOST important to implement to protect data in transit?

Question 3 · hard · multiple choice

A company uses a cloud storage service that encrypts files with a key derived from the user's password (e.g., using PBKDF2). The security team recommends migrating to a separate key management service (KMS) that generates and manages encryption keys independently of user passwords. What is the most critical security advantage of using a KMS in this scenario?

Question 4 · hard · multiple choice

During a penetration test, the tester captures traffic on a switch port that is part of a VLAN other than the native VLAN. The tester is able to receive traffic destined for the management VLAN. What configuration flaw is exploited?

Question 5 · hard · multiple choice

During a security audit, it is discovered that a developer has direct access to production databases. The policy requires that changes be reviewed and deployed by a separate team. Which control is being violated?

Question 6 · easy · multiple choice

A company wants to ensure that data transmitted between its two branch offices remains confidential. Which cryptographic goal is primarily being addressed?

Question 7 · hard · multiple choice

A security analyst reviews logs and finds that an attacker exploited a vulnerability in a web application to read arbitrary files from the server. The application runs on Apache with mod_php. Which of the following is the MOST likely vulnerability?

Question 8 · easy · multiple choice

A system administrator needs to implement a control that ensures users can only access files necessary for their job functions. Which principle is being applied?

Question 9 · easy · multiple choice

A system administrator needs to assign permissions to a new employee who will be performing database backups. The employee should only be able to execute the backup command but not read or modify the data. Which access control principle should be applied?

Question 10 · medium · multiple choice

A company uses a SIEM to detect anomalies. An alert indicates a user logged in from two geographically distant locations within 5 minutes. What is the most likely indication?

Question 11 · hard · multiple choice

Refer to the exhibit. A security analyst reviews these iptables rules and expects SSH access to be blocked, but it is still allowed. What is the MOST likely reason?

Network Topology
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp 0.0.0.0/0 203.0.113.5 tcp dpt:22
DROP tcp

Question 12 · hard · multiple choice

A company has a policy requiring segregation of duties (SoD) for financial transactions. Which scenario represents a violation of this principle?

Question 13 · easy · multiple choice

A help desk technician needs to reset a user's password but should not be able to modify other user attributes. Which access control principle should be applied to enforce this restriction?

Question 14 · medium · multiple choice

A user reports they can now access files in a shared drive that were previously denied. Upon investigation, the IT team discovers the user was added to a new group that has read/write permissions to the drive. This situation is best described as:

Question 15 · easy · multiple choice

Based on the exhibit, what type of attack is most likely occurring?

Exhibit

Refer to the exhibit. The following is from a Windows security log:
Event ID 4625 (Logon Failure)
Account Name: multiple different usernames
Source Network Address: 10.10.10.10
Failure Reason: Unknown user name or bad password.
Multiple such entries appear within a short time span, each with a different username but the same source IP.

Question 16 · medium · multiple choice

A system administrator is configuring a file encryption solution for a shared network drive. The solution must allow multiple users to read the files without sharing a single symmetric key. Which approach should be used?

Question 17 · easy · multiple choice

Refer to the exhibit. A security analyst notices that multiple internal hosts are using the same inside global IP address but different port numbers. Which technology is being used?

Exhibit

Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:80   192.168.1.10:80    198.51.100.20:80   198.51.100.20:80
tcp 203.0.113.10:443  192.168.1.10:443   198.51.100.20:443  198.51.100.20:443
tcp 203.0.113.11:80   192.168.1.11:80    198.51.100.30:80   198.51.100.30:80

Question 18 · easy · multiple choice

Refer to the exhibit. An analyst sees these logs and is concerned about a potential attack. What is the most likely scenario?

Exhibit

Jan 15 10:35:22 192.168.1.1 10.0.0.2 TCP_SYN 192.168.1.100:31456 -> 10.0.0.2:3389
Jan 15 10:35:22 192.168.1.1 10.0.0.2 TCP_SYN_ACK 10.0.0.2:3389 -> 192.168.1.100:31456
Jan 15 10:35:23 192.168.1.1 10.0.0.2 TCP_ACK 192.168.1.100:31456 -> 10.0.0.2:3389
Jan 15 10:35:24 192.168.1.1 10.0.0.2 TCP_FIN 192.168.1.100:31456 -> 10.0.0.2:3389


Frequently asked questions

What does the SSCP exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SSCP topics?
Use the topic links above to move to related areas, or go back to the SSCP question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SSCP exam covers. They are not copied from any real exam or dump site.