10 free, exam-style Systems Security Certified Practitioner (SSCP) practice questions with answers and explanations. No signup required. Work through them below, then take the full free SSCP practice test to study every exam domain.
A security practitioner at Meridian Health discovers that their employer has been concealing a breach affecting thousands of patient records. The practitioner's manager instructs them to remain silent. According to the ISC2 Code of Ethics, the practitioner should:
Correct answer: B - Report the breach through appropriate channels, as protecting society takes precedence over service to principals
A defense contractor requires that analysts with 'Secret' clearance can read documents classified at their level or below but cannot write information to any document at a lower classification level. Which security model enforces these restrictions?
Correct answer: A - Bell-LaPadula
A database server is valued at $500,000. A risk assessment determines that a ransomware attack would damage 30% of the asset's value and is expected to occur approximately twice every five years. What is the Annualized Loss Expectancy (ALE)?
Correct answer: D - $60,000
A forensic analyst arrives at the scene of a suspected data exfiltration and must collect digital evidence from the compromised workstation. The workstation is still powered on. Following the order of volatility, which evidence should be collected FIRST?
Correct answer: B - Contents of RAM, including running processes and network connections
An organization needs to verify that a software update received from a vendor has not been altered during transit AND confirm the identity of the vendor. Which cryptographic mechanism satisfies BOTH requirements?
Correct answer: C - A digital signature applied by the vendor
A network administrator is configuring authentication for both wireless network access and router management. For wireless authentication, the team selects RADIUS. For router administration, a protocol that encrypts the entire session and allows granular control over which commands each administrator can execute is preferred. Which protocol meets the router administration requirement?
Correct answer: A - TACACS+
A company migrates its email to a SaaS provider and its virtual servers to an IaaS platform. A junior analyst claims the cloud providers are now fully responsible for securing all data. Which statement BEST corrects this misunderstanding?
Correct answer: D - The customer remains responsible for data classification and access management regardless of the service model
Verity Financial performs a full backup every Sunday night and incremental backups Monday through Saturday. A server failure occurs on Thursday afternoon. To perform a complete restoration, which combination of backups is required?
Correct answer: B - Sunday's full backup plus Monday's, Tuesday's, Wednesday's, and Thursday's incremental backups
A security team deploys a device that monitors a copy of network traffic via a SPAN port and generates alerts when it detects patterns matching known attack signatures. The device does NOT sit inline with traffic. This device is BEST described as a:
Correct answer: A - Network-based Intrusion Detection System (NIDS)
An organization discovers that a system administrator who recently transferred from the IT department to the marketing department still has root access to all production servers. This situation is a failure of which security principle?
Correct answer: C - Least privilege
Practice hundreds more SSCP questions with instant scoring, weak-area drills, and full exam simulations.